IGSS ODBC Server Multiple Uninitialized Pointer Denial Of Service Vulnerability Network Vulnerability

Summary

The host is running IGSS ODBC Server and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause a denial of service. Impact Level: Application

Solution

Upgrade IGSS 8 ODBC Server (Odbcixv8se.exe) version 11003 or later. For updates refer to http://www.igss.com/

Insight

The flaw is caused by an uninitialized pointer free conditions,when processing specially packets sent to port 20222/TCP, which could be exploited by remote unauthenticated attackers to crash an affected daemon. Note: IGSS uses a 3rd party ODBC driver kit from Dr. DeeBee

Affected

IGSS 8 ODBC Server (Odbcixv8se.exe) Version 10299, Other versions may also be affected.

References

http://packetstormsecurity.org/files/view/99653/
http://www.exploit-db.com/exploits/17033/
http://www.us-cert.gov/control_systems/pdf/ICSA-11-018-02.pdf
http://xforce.iss.net/xforce/xfdb/66261

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Cogent DataHub Multiple Vulnerabilities
freeSSHd SFTP 'rename' and 'realpath' Remote DoS Vulnerability
Epson EventManager 'x-protocol-version' Denial of Service Vulnerability
Freeciv Multiple Remote Denial Of Service Vulnerabilities
Apple QuickTime Multiple Vulnerabilities - Jun09

IGSS ODBC Server Multiple Uninitialized Pointer Denial of Service Vulnerability

Take action and discover your vulnerabilities