SAINT Corporation
SAINT:CEBDE8B3EC698168BCF3A94A03C5E796
Jun 30, 2009 - 12:00 a.m.

Unisys Business Information Server mnet.exe buffer overflow

download.saintcorporation.com

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.725 High
Percentile: 97.8%

Added: 06/30/2009
CVE: CVE-2009-1628
BID: 35494
OSVDB: 55435

Background

The Unisys Business Information Server is an information management solution which provides data access across an enterprise. It includes the **mnet.exe** program which listens for connections on ports 3985/TCP and 3986/TCP.

Problem

A buffer overflow vulnerability in **mnet.exe** allows remote attackers to execute arbitrary commands by sending a specially crafted request of type 0x16 to the server.

Resolution

Install the patch.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=808>

Limitations

Exploit works on Unisys Business Information Server 10.1. Patch KB933729 must be installed on the target operating system in order for this exploit to succeed.

Platforms

Windows Server 2003
