Remote Code Execution in DiskPulse Server
Critical Nessus Plugin ID 51095
Synopsis
The remote service has a buffer overflow.
Description
A stack overflow vulnerability exists in the DiskPulse Server installed on the remote host.
By sending a specially crafted message to the server, a remote attacker can leverage this vulnerability to execute arbitrary code on the server with SYSTEM privileges.
Note that Nessus checked for this vulnerability by sending a specially crafted packet and checking the response, without crashing the service.
All 2.x versions up to and including 2.2 are known to be affected, and others may be as well.
Solution
Upgrade to version 2.3, as it appears to address the issue.