Microsoft Dynamics GP < 10.0 Multiple Vulnerabilities
Article ID: 33395
Last updated: 27 Jan, 2009
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.
This script is Copyright (C) 2008 Tenable Network Security, Inc.
Family: Windows
Plugin ID: 33395
Bugtraq ID: 29991
CVE ID: CVE-2006-5266, CVE-2006-5265
Description:
Synopsis :
The remote host contains an application that is affected by multiple
vulnerabilities.
Description :
Microsoft Dynamics GP (formerly known as Great Plains) is installed on
the remote host.
The installed version of Microsoft Dynamics GP is affected by multiple
vulnerabilities.
- By sending a specially crafted DPS message with a very long IP address
or string to the Distributed Process Server (DPS) or Distributed
Process Manager (DPM), it may be possible to overflow a buffer or
execute arbitrary code on the remote system.
- By sending a specially crafted DPS message containing an invalid magic
number, it may be possible to cause a denial of service condition and
crash the remote system.
- By sending a specially crafted DPM message, it may be possible to
execute arbitrary code on the remote system.
Note that code execution will generally result in system-wide
compromise.
See also :
http://xforce.iss.net/xforce/xfdb/25840
http://xforce.iss.net/xforce/xfdb/25841
http://xforce.iss.net/xforce/xfdb/25842
http://xforce.iss.net/xforce/xfdb/25844
Solution :
Upgrade to Microsoft Dynamics GP 10.0 or later.
Risk factor :
Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)