LiveData Inc. Information for VU#190617
LiveData ICCP Server heap buffer overflow vulnerability
It is LiveData's opinion that these issues are software bugs exercised by protocol-illegal data packets, not security vulnerabilities, given that MMS/ICCP over OSI or RFC1006 are not secure protocols intended for use on public networks. It is the user's responsibility to secure MMS/ICCP network traffic at the network level. LiveData Server over RFC1006 is not marketed as a public network service, and those seeking a public network solution should look to Secure ICCP (ICCP over SSL).
Treated as a bug, LiveData always responds to bug reports with software fixes as soon as we possibly can when the bug affects a customer. We do not normally push this information to other customers unless it is likely that they will be adversely affected by the bug. It is LiveData's opinion the no user is likely to be adversely affected by this bug.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to ftp://ftp.livedata.com/ for the latest versions of LiveData Server and LiveData ICCP Server.
If you have feedback, comments, or additional information about this vulnerability, please send us email.