Siemens Automation License Manager Bugs Let Remote Users Deny Service or Execute Arbitrary Code
SecurityTracker Alert ID: 1026354
SecurityTracker URL: http://securitytracker.com/id/1026354
CVE Reference: GENERIC-MAP-NOMATCH
Date: Nov 28 2011
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Exploit Included: Yes
Description:
Several vulnerabilities were reported in Siemens Automation License Manager. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions.
A remote user can send specially crafted *_licensekey commands to trigger a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.
A remote user can send specially crafted data to trigger an exception or null pointer dereference.
A remote user can create specially crafted HTML that, when loaded by the target user, will invoke the ALMListCtr ActiveX control and overwrite arbitrary files with the privileges of the target user. The CLSID of the vulnerable control is: E57AF4A2-EF57-41D0-8512-FECDA78F1FE7
The original advisory is available at:
http://aluigi.altervista.org/adv/almsrvx_1-adv.txt
Luigi Auriemma reported these vulnerabilities.
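
A web proxy or content filter can flag pages that embed the ActiveX control named above. The following is an added example, not part of the advisory or of any vendor code: it scans HTML for elements whose classid matches the CLSID given in the description. The function names and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID of the ALMListCtr control, as given in the advisory text.
ALM_CLSID = "E57AF4A2-EF57-41D0-8512-FECDA78F1FE7"

# Constructed sample page (not taken from the advisory).
SAMPLE = """<html><body>
<p>status page</p>
<OBJECT id="ctl" CLASSID="clsid:{e57af4a2-ef57-41d0-8512-fecda78f1fe7}"></OBJECT>
<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>
<object classid="clsid&#58;E57AF4A2-EF57-41D0-8512-FECDA78F1FE7"></object>
</body></html>"""


def normalize_classid(value):
    """Reduce 'clsid:{GUID}', ' CLSID:guid ' and similar to a bare upper-case GUID."""
    v = (value or "").strip()
    v = re.sub(r"^clsid:", "", v, flags=re.IGNORECASE).strip()
    return v.strip("{}").upper()


class ClsidFinder(HTMLParser):
    """Records (line, tag) for each element whose classid equals the target CLSID."""

    def __init__(self, clsid):
        super().__init__(convert_charrefs=True)
        self.clsid = clsid.upper()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names and decodes
        # character references in attribute values before calling us.
        for name, value in attrs:
            if name == "classid" and normalize_classid(value) == self.clsid:
                self.hits.append((self.getpos()[0], tag))


def find_control_references(html, clsid=ALM_CLSID):
    """Return a list of (line_number, tag_name) for elements embedding the control."""
    finder = ClsidFinder(clsid)
    finder.feed(html)
    finder.close()
    return finder.hits


if __name__ == "__main__":
    for line, tag in find_control_references(SAMPLE):
        print(f"line {line}: <{tag}> references ALMListCtr CLSID {ALM_CLSID}")
```

The scan covers static markup only.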
Impact:
A remote user can execute arbitrary code on the target system.
A remote user can cause denial of service conditions.
Solution:
No solution was available at the time of this entry.
Vendor URL: www.siemens.com/
Cause: Access control error, Boundary error
Underlying OS: Windows (Any)
Message History: None.
Source Message Contents
Date: Mon, 28 Nov 2011 17:55:08 +0000
Subject: Siemens Automation License Manager
http://aluigi.altervista.org/adv/almsrvx_1-adv.txt