Credit:
The information has been provided by FistFuXXer.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=808
Vulnerable Systems:
* Unisys Business Information Server version 10
An attacker who sends a packet to the Unisys Business Information Server over a TCP port can corrupt stack memory and gain arbitrary code execution.
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the affected service, usually an administrative account.
Patch Availability:
Unisys has released a patch which addresses this issue. For more information, consult their advisory at the following URL:
ftp://ftp.support.unisys.com/pub/mapper/NT/BIS10.1/Readme.txt
CVE Information:
CVE-2009-1628
Disclosure Timeline:
06/22/2008 - Initial Contact
04/24/2009 - Second Contact Attempt
04/28/2009 - Initial Vendor Response
05/06/2009 - Clarification requested
05/06/2009 - Unisys lawyer lodges request.
05/06/2009 - Sent Clarification.
05/06/2009 - Clarification received and new clarification requested.
05/07/2009 - Unisys request response.
05/07/2009 - iDefense response regarding PGP key
05/07/2009 - Unisys confirmation.
06/22/2009 - CVE-2009-1628 Assigned by vendor
06/25/2009 - Coordinated Public Disclosure