icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Now SMS/MMS Gateway Multiple Remote Overflows

High

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running the Now SMS/MMS Gateway, a commercial product for managing SMS/MMS messaging on a network.

This version is vulnerable to several remote overflows. The first affects the HTTP server (which is installed by default). Long HTTP authorization messages can cause the application to crash. The second overflow affects the SMPP server (which is not enabled by default). An attacker exploiting these flaws would be able to execute arbitrary code on the remote system.

Solution

When available, apply the vendor-supplied patch. As a workaround, the administrative interface allows for the creation of Access Control Lists (ACLs) that restrict the machines that are allowed to connect to the respective services. Utilize strong ACLs to only allow traffic from trusted hosts.