Microsoft Dynamics GP < 10.0 Multiple Vulnerabilities

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by multiple
vulnerabilities.

Description :

Microsoft Dynamics GP (formerly known as Great Plains), is installed
on remote host. The installed version of Microsoft Dynamics GP is
affected by multiple vulnerabilities.

- By sending a specially crafted DPS message with a very
long IP address or a string, to Distributed Process
Server (DPS) or Distributed Process Manager (DPM), it
may be possible to overflow a buffer or execute
arbitrary code on the remote system.

- By sending a specially crafted DPS message, containing
an invalid magic number, it may be possible to cause a
denial of service condition and crash the remote system.

- By sending a specially crafted DPM message, it may be
possible to execute arbitrary code on the remote system.

It should be noted that code execution will generally result in a
complete compromise of the affected system.

See also :

http://xforce.iss.net/xforce/xfdb/25840
http://xforce.iss.net/xforce/xfdb/25841
http://xforce.iss.net/xforce/xfdb/25842
http://xforce.iss.net/xforce/xfdb/25844

Solution :

Upgrade to Microsoft Dynamics GP 10.0 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:ND)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 33395 ()

Bugtraq ID: 29991

CVE ID: CVE-2006-5265
CVE-2006-5266

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now