SAINT Corporation, SAINT:9F9B58658FA88E9FF480C21F0364C672
Jun 30, 2009 - 12:00 a.m.

Unisys Business Information Server mnet.exe buffer overflow

Source: my.saintcorporation.com

CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.011 Low (Percentile: 83.9%)

Added: 06/30/2009
CVE: CVE-2009-1628
BID: 35494
OSVDB: 55435

Background

The Unisys Business Information Server is an information management solution which provides data access across an enterprise. It includes the **mnet.exe** program which listens for connections on ports 3985/TCP and 3986/TCP.

Problem

A buffer overflow vulnerability in **mnet.exe** allows remote attackers to execute arbitrary commands by sending a specially crafted request of type 0x16 to the server.

Resolution

Install the patch.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=808>

Limitations

Exploit works on Unisys Business Information Server 10.1. Patch KB933729 must be installed on the target operating system in order for this exploit to succeed.

Platforms

Windows Server 2003
