Unisys Business Information Server Stack Overflow

critical Nessus Plugin ID 42844

Synopsis

The remote Windows host contains an application that is affected by a stack overflow vulnerability.

Description

Unisys Business Information Server is installed on the remote system.

The installed version is affected by a stack overflow vulnerability. By sending a specially crafted request to the remote service, an attacker may be able to overflow the stack and potentially execute arbitrary code with system-level privileges.

Solution

Apply vendor-supplied patches.

See Also

http://www.nessus.org/u?5fd5fcc6

https://seclists.org/fulldisclosure/2009/Jun/252

ftp://ftp.support.unisys.com/pub/mapper/NT/BIS10.1/Readme.txt

Plugin Details

Severity: Critical

ID: 42844

File Name: unisys_bis_stack_overflow.nasl

Version: 1.13

Type: local

Agent: windows

Family: Windows

Published: 11/18/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:unisys:business_information_server

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/25/2009

Vulnerability Publication Date: 6/25/2009

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-1628

BID: 35494

CWE: 119

SECUNIA: 35572