{"vuid":"VU#213516","idnumber":"213516","name":"LiveData Protocol Server fails to properly handle requests for WSDL files","keywords":["LiveData Protocol Server","heap overflow","WSDL files","scada"],"overview":"The LiveData Protocol Server fails to properly handle requests. This vulnerability may allow a remote attacker to execute arbitrary code.","clean_desc":"The LiveData Protocol Server is real-time data acquisition and processing software used to record and transmit data among process control networks in SCADA environment. A vulnerability exists in the way LiveData Protocol Server handles requests for Web Services Description Language (WSDL) files that may allow a remote attacker to execute arbitrary code. According to iDefense Security Advisory 05.02.07: By supplying a specially crafted request to the service on port 8080, an attacker is able to supply a negative length value to a strncpy call. This value is interpreted by strncpy as a very large positive value. As a result, a memory access violation occurs when attempting to write data past the end of the heap memory segment. Note that this affects versions of LiveData Protocol Server through 5.00.045.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service.","resolution":"Update\nLiveData has released updates to address this issue. See the LiveData downloads website for updated versions.","workarounds":"Block or restrict access Block or restrict access to the LiveData Protocol Server (8080/tcp) from untrusted networks such as the internet.","sysaffected":"","thanks":"This vulnerability was reported in iDefense Security Advisory 05.02.07","author":"This document was written by Chris Taschner.","public":["http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=523","http://secunia.com/advisories/25076/","http://www.livedata.com/content/view/46/23/"],"cveids":["CVE-2007-2489"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-05-03T13:53:57Z","publicdate":"2007-05-02T00:00:00Z","datefirstpublished":"2007-05-03T20:18:33Z","dateupdated":"2008-07-21T18:18:13Z","revision":17,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"15","cam_population":"5","cam_impact":"18","cam_easeofexploitation":"14","cam_attackeraccessrequired":"19","cam_scorecurrent":"13.46625","cam_scorecurrentwidelyknown":"15.710625","cam_scorecurrentwidelyknownexploited":"24.688125","ipprotocol":"tcp","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":13.46625,"vulnote":null}