LiveData Inc. Information for VU#190617

LiveData ICCP Server heap buffer overflow vulnerability

Status

Affected

Vendor Statement

It is LiveData's opinion that these issues are software bugs exercised by protocol-illegal data packets, not security vulnerabilities, given that MMS/ICCP over OSI or RFC1006 are not secure protocols intended for use on public networks. It is the user's responsibility to secure MMS/ICCP network traffic at the network level. LiveData Server over RFC1006 is not marketed as a public network service, and those seeking a public network solution should look to Secure ICCP (ICCP over SSL).

Treated as a bug, LiveData always responds to bug reports with software fixes as soon as we possibly can when the bug affects a customer. We do not normally push this information to other customers unless it is likely that they will be adversely affected by the bug. It is LiveData's opinion the no user is likely to be adversely affected by this bug.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Refer to ftp://ftp.livedata.com/ for the latest versions of LiveData Server and LiveData ICCP Server.

If you have feedback, comments, or additional information about this vulnerability, please send us email.