A vulnerability in the way Wonderware SuiteLink handles malformed TCP packets could result in a denial of service.
Wonderware SuiteLink is a protocol based on TCP/IP that runs as a service listening for connections on port 5413/tcp on Microsoft Windows operating systems. A vulnerability exists in the way the Wonderware SuiteLink Service slssvc.exe handles malformed TCP packets. According to Core Security Advisory CORE-2008-0129:
Un-authenticated client programs connecting to the service can send a malformed packet that causes a memory allocation operation (a call to new() operator) to fail returning a NULL pointer. Due to a lack of error-checking for the result of the memory allocation operation, the program later tries to use the pointer as a destination for memory copy operation, triggering an access violation error and terminating the service.
A remote, unauthenticated attacker may be able to cause a denial-of-service condition.
Apply an update
This vulnerability was reported in Core Security Advisory CORE-2008-0129.
This document was written by Chris Taschner.
|Date First Published:||2008-05-06|
|Date Last Updated:||2008-09-17 21:29 UTC|