Cogent DataHub < 7.3.4 Malformed POST Request Buffer Overflow

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by a buffer
overflow vulnerability.

Description :

The remote host has a version of Cogent DataHub, formerly known as
Cascade DataHub and OFC DataHub, installed prior to 7.3.4. It is,
therefore, potentially affected by a heap-based buffer overflow
vulnerability that could be triggered by an unspecified malformed POST
request. An unauthenticated, remote attacker could leverage this
vulnerability to execute arbitrary code under the security context of
the DataHub process.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-13-252/

Solution :

Upgrade to Cogent DataHub 7.3.4 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 72486 ()

Bugtraq ID: 63397

CVE ID: