SecurityTracker.com
Category:   Application (Generic)  >   asn1c
Vendors:   Objective Systems
ASN1C Buffer Overflow in rtxMemHeapAlloc() Lets Users Execute Arbitrary Code
SecurityTracker Alert ID:  1036386
SecurityTracker URL:  http://securitytracker.com/id/1036386
CVE Reference:   CVE-2016-5080
Date:  Jul 20 2016
Impact:   Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.0.0; possibly earlier versions
Description:   A vulnerability was reported in ASN1C. A remote or local user can execute arbitrary code on the target system.

A user can send specially crafted ASN.1 data to trigger a buffer overflow in rtxMemHeapAlloc() in the 'asn1rt_a.lib' library and execute arbitrary code on the target system. The code will run with the privileges of the target application or service using the affected library component.

The specific impact depends on the application or service using the vulnerable library component.

The original advisory is available at:

https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080

Lucas Molas reported this vulnerability via Programa Seguridad en TIC and CERT/CC.

Impact:   A user can execute arbitrary code on the target system. The specific impact depends on the application or service using the vulnerable library component.
Solution:   The vendor has issued a fix (interim v7.0.1.x), available from the vendor upon request.
Vendor URL:  www.obj-sys.com/products/asn1c/index.php
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 21 2016 (Cisco Issues Advisory for Cisco ASR 5000 Series Routers) ASN1C Buffer Overflow in rtxMemHeapAlloc() Lets Users Execute Arbitrary Code
Cisco has issued an advisory for Cisco ASR 5000 routers running StarOS versions 17.x, 18.x, 19.x, and 20.x.



Copyright 2021, SecurityGlobal.net LLC