Summary
The host is installed with ZIM Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation could result in remote arbitrary code execution and cause denial of service.
Impact Level: System
Solution
Upgrde to Zilab Software Zilab Chat and Instant Messaging Server version 3.3 or later For updates refer to http://www.zilab.com/zim.shtml.
Insight
The issues are due to,
- boundary errors in the server while handling overly long crafted packets sent to default prot 7700.
- a null pointer de-reference within the server will crash the service via a specially crafted packet sent to default port 7700.
Affected
Zilab Software Zilab Chat and Instant Messaging Server 2.1 and prior.
References
Severity
Classification
-
CVE CVE-2008-5279, CVE-2008-5280 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Colasoft Capsa Malformed SNMP V1 Packet Remote Denial of Service Vulnerability
- EMC Data Protection Advisor NULL Pointer Dereference Denial of Service Vulnerability
- Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Linux)
- 7-Zip Unspecified Archive Handling Vulnerability (Win)
- connect to all open ports