Trading Technologies Messaging remove_park Stack Overflow

Critical Nessus Plugin ID 137053

Synopsis

A securities trading application running on the remote host is affected by a remote code execution vulnerability.

Description

The Trading Technologies Messaging (TTM) application running on the remote host is affected by a remote code execution vulnerability. When processing a remove_park message, it does not validate user-supplied data before copying it to a fixed-length stack-based buffer. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code on the system with SYSTEM privileges.

Note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.

Solution

Update Trading Technologies Messaging to version 7.1.28.3 or later.

Plugin Details

Severity: Critical

ID: 137053

File Name: tt_ttm_zdi-20-586.nasl

Version: 1.1

Type: remote

Family: General

Published: 2020/06/03

Updated: 2020/06/03

Dependencies: 137054

Risk Information

Risk Factor: Critical

CVSS Score Source: manual

CVSS Score Rationale: Corresponds to the ZDI CVSS v3 score

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/a:trading_technologies:ttm

Patch Publication Date: 2020/03/26

Vulnerability Publication Date: 2020/05/06

Reference Information

ZDI: ZDI-20-586