Problem

  • Product: VisiBroker & AppServer
  • VisiBroker Product Version: 08.00.00.C1.03 & below
  • AppServer Product Version: 06.07.00.C1.43 & below

An attacker can cause a denial of service (crash) by sending a crafted packet to the osagent broadcast port. The packet triggers a memory allocation failure that either crashes the osagent or hogs memory resources from the operating system.

The following URLs discuss the osagent vulnerability:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-7126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-7127

Resolution

CR 9599 was raised and the issue is fixed. The fix has been included since VisiBroker 7.0 Service Pack 4 and 8.0 Service Pack 1.

AppServer 6.6 and 6.7 are built on top of the VisiBroker product and bundle the VisiBroker 7.0 libraries. Please download VisiBroker 7.0 Service Pack 4 to fix this vulnerability.

Please refer to the [[Guidelines for Use of the osagent]] article.

Incident #2466417