[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security Vulnerability Alert for esignal



PureBytes Links

Trading Reference Links

FYI - Security notice


@RISK: The Consensus Security Vulnerability Alert
April 1, 2004                                          Vol. 3. Week 13
***********************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

----------------------------------------------------------------------

Part I Critical Vulnerabilities

Part I is compiled by the security team at TippingPoint
(www.tippingpoint.com) as a by-product of that company's continuous
effort to ensure that its intrusion prevention products effectively
block exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems.  A detailed
description of the process may be found at
http://www.sans.org/newsletters/cva/#process

Archives at http://www.sans.org/newsletters/

----------------------------------------------------------------------

MODERATE: eSignal STREAMQUOTE Buffer Overflow
Affected: eSignal version 7.5 and 7.6

Description: eSignal provides real-time stock market quotes and analysis
for investors. The software's main application, "WinSig.exe", runs a
listener on port 80/tcp. This listener is vulnerable to a stack-based
buffer overflow. The overflow can be triggered by sending a specially
crafted "STREAMQUOTE" tag containing over 1040 characters, and exploited
to execute arbitrary code. Exploit code has been publicly posted.

Status: Vendor notified, no patches available.

Council Site Actions: The affected software is not in production or
widespread use at any of the council sites. They reported that no action
was necessary.

References:
Posting by Vizzy
  http://www.securityfocus.com/archive/1/358637/2004-03-19/2004-03-25/0
Exploit Code
  http://viziblesoft.com/insect/sploits/vz-eSignal76.pl
Vendor Homepage
  http://www.esignal.com/esignal/default.asp
SecurityFocus BID
  http://www.securityfocus.com/bid/9978