RTI Connext DDS 5.1.1.x < 5.1.1.5 / 5.2.3.x < 5.2.3.17 / 5.2.7 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote Windows host is affected by
multiple vulnerabilities.

Description :

The version of Real Time Innovations (RTI) Connext Data Distribution
Service (DDS) installed on the remote Windows host is 5.1.1.x prior to
5.1.1.5 or 5.2.3.x prior to either 5.2.3.17 or 5.2.7. It is,
therefore, affected by multiple vulnerabilities :

- A heap-based buffer overflow condition exists that
allows an unauthenticated, remote attacker to execute
arbitrary code with system privileges.

- An integer overflow condition exists that allows an
unauthenticated, remote attacker to execute arbitrary
code with system privileges.

- A deserialization issue exists due to improper
validation of user-supplied data. An unauthenticated,
remote attacker can exploit this to cause a denial of
service condition and potentially execute arbitrary
code.

- An out-of-bounds memory buffer issue exists that allows
an unauthenticated, remote attacker to cause a denial of
service condition and execute arbitrary code with system
privileges.

Solution :

Upgrade to RTI Connext DDS version 5.1.1.5 / 5.2.3.17 / 5.2.7 or
later.

Note that customers with uncommon architectures may need to contact
RTI for a custom patch. RTI is planning a major software release in
June 2017 to address the vulnerabilities on all currently supported
architectures.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Windows

Nessus Plugin ID: 99476

Bugtraq ID:

CVE ID:
