Synopsis
A security trading application running on the remote host is affected by a remote code execution vulnerability.

Description
The Trading Technologies Messaging (TTM) running on the remote host is affected by a remote code execution vulnerability due to the lack of validation of user-supplied data prior to copying it to a fixed-length stack-based buffer when processing a remove_park message. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code on the system with SYSTEM privileges.
Note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.

Solution
Update the Trading Technologies Messaging to 188.8.131.52 or later.