Siemens SiPass Integrated 'SiPass server'组件缓冲区溢出漏洞
Siemens SiPass Integrated 'SiPass server'组件缓冲区溢出漏洞
发布日期:2012-10-09
更新日期:2012-10-11
受影响系统:
Siemens SiPass Integrated 2.x
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 55835
Siemens SiPass Integrated是访问控制和安全系统。
Siemens SiPass integrated MP2.6及更早版本在处理消息时SiPass server内存在远程缓冲区溢出漏洞,通过向TCP端口4343发送特制的消息,攻击者可利用此漏洞在受影响应用中执行任意代码。
<*来源:Lucas Apa
链接:http://secunia.com/advisories/50900/
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-9
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Siemens
-------
Siemens已经为此发布了一个安全公告(SSA-938777)以及相应补丁:
SSA-938777:Possible Remote Code Execution in SiPass Server
链接:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-9
评论暂时关闭