IDA Pro Remote Debugger Server Authentication Bypass
Medium Nessus Network Monitor Plugin ID 3955
Synopsis: The remote host is vulnerable to a flaw that allows authentication to be bypassed.
Description: The remote host is running DataRescue IDA Pro, a commercial disassembler. This version of IDA Pro is vulnerable to a flaw in the way it handles remote data passed to processor_request(), an authentication function. An attacker exploiting this flaw can bypass authentication and execute commands anonymously. Successful exploitation gives the attacker the ability to execute arbitrary commands on the remote system.
Solution: Upgrade or patch according to vendor recommendations.