Microsoft Dynamics GP < 10.0 Multiple Vulnerabilities

critical Nessus Plugin ID 33395

Synopsis

The remote host contains an application that is affected by multiple vulnerabilities.

Description

Microsoft Dynamics GP (formerly known as Great Plains) is installed on the remote host. The installed version of Microsoft Dynamics GP is affected by multiple vulnerabilities:

- By sending a specially crafted DPS message with a very long IP address or string to the Distributed Process Server (DPS) or Distributed Process Manager (DPM), it may be possible to overflow a buffer or execute arbitrary code on the remote system.

- By sending a specially crafted DPS message containing an invalid magic number, it may be possible to cause a denial of service condition and crash the remote system.

- By sending a specially crafted DPM message, it may be possible to execute arbitrary code on the remote system.

It should be noted that code execution will generally result in a complete compromise of the affected system.

Solution

Upgrade to Microsoft Dynamics GP 10.0 or later.

See Also

http://web.archive.org/web/20081203221218/http://xforce.iss.net/xforce/xfdb/25840

http://web.archive.org/web/20081203220631/http://xforce.iss.net/xforce/xfdb/25841

http://web.archive.org/web/20081203223332/http://xforce.iss.net/xforce/xfdb/25842

http://web.archive.org/web/20081203220718/http://xforce.iss.net/xforce/xfdb/25844

Plugin Details

Severity: Critical

ID: 33395

File Name: msdynamics_multiple_vulns.nasl

Version: 1.13

Type: local

Agent: windows

Family: Windows

Published: 7/3/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2006-5265, CVE-2006-5266

BID: 29991

CWE: 119, 20