Now SMS/MMS Gateway Multiple Remote Overflows
High Nessus Network Monitor Plugin ID 4389
SynopsisThe remote host is vulnerable to a buffer overflow.
DescriptionThe remote host is running the Now SMS/MMS Gateway, a commercial product for managing SMS/MMS messaging on a network.
This version is vulnerable to several remote overflows. The first affects the HTTP server (which is installed by default). Long HTTP authorization messages can cause the application to crash. The second overflow affects the SMPP server (which is not enabled by default). An attacker exploiting these flaws would be able to execute arbitrary code on the remote system.
SolutionWhen available, apply the vendor-supplied patch. As a workaround, the administrative interface allows for the creation of Access Control Lists (ACLs) that restrict the machines that are allowed to connect to the respective services. Utilize strong ACLs to only allow traffic from trusted hosts.