ZIM Server Multiple Vulnerabilities Network Vulnerability

Summary

The host is installed with ZIM Server and is prone to multiple vulnerabilities.

Impact

Successful exploitation could result in remote arbitrary code execution and cause denial of service. Impact Level: System

Solution

Upgrde to Zilab Software Zilab Chat and Instant Messaging Server version 3.3 or later For updates refer to http://www.zilab.com/zim.shtml.

Insight

The issues are due to, - boundary errors in the server while handling overly long crafted packets sent to default prot 7700. - a null pointer de-reference within the server will crash the service via a specially crafted packet sent to default port 7700.

Affected

Zilab Software Zilab Chat and Instant Messaging Server 2.1 and prior.

References

http://aluigi.altervista.org/adv/zilabzcsx-adv.txt
http://en.securitylab.ru/nvd/363848.php
http://secunia.com/advisories/29062

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5279, CVE-2008-5280
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Colasoft Capsa Malformed SNMP V1 Packet Remote Denial of Service Vulnerability
EMC Data Protection Advisor NULL Pointer Dereference Denial of Service Vulnerability
Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Linux)
7-Zip Unspecified Archive Handling Vulnerability (Win)
connect to all open ports

Take action and discover your vulnerabilities