GO-Global for Windows _USERSA_ Remote Overflow (credentialed check)

critical Nessus Plugin ID 20179

Synopsis

The remote display client or server is affected by a buffer overflow vulnerability.

Description

According to the Windows registry, the remote host is running a version of the GO-Global remote display client or server that fills a small buffer with user-supplied data without first checking its size.
An attacker can leverage this issue to overflow the buffer, causing the server to crash and possibly even allowing for arbitrary code execution on the remote host.

Solution

Upgrade to GO-Global version 3.1.0.3281 or later.

See Also

https://seclists.org/fulldisclosure/2005/Nov/78

Plugin Details

Severity: Critical

ID: 20179

File Name: go_global_overflow_creds.nasl

Version: 1.22

Type: local

Agent: windows

Family: Windows

Published: 11/10/2005

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/a:graphon:go-global

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/2/2005

Reference Information

CVE: CVE-2005-3483

BID: 15285