Trading Technologies Messaging remove_park Stack Overflow

critical Nessus Plugin ID 137053

Language:

Synopsis

A security trading application running on the remote host is affected by a remote code execution vulnerability.

Description

The Trading Technologies Messaging (TTM) running on the remote host is affected by a remote code execution vulnerability due to the lack of validation of user-supplied data prior to copying it to a fixed-length stack-based buffer when processing a remove_park message. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code on the system with SYSTEM privileges.

Note that the application is reportedly affected by other vulnerabilities; however, this plugin has not tested for those issues.

Solution

Update the Trading Technologies Messaging to 7.1.28.3 or later.

Plugin Details

Severity: Critical

ID: 137053

File Name: tt_ttm_zdi-20-586.nasl

Version: 1.2

Type: remote

Family: General

Published: 6/3/2020

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Correspond to zdi cvss3 score

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/a:trading_technologies:ttm

Patch Publication Date: 3/26/2020

Vulnerability Publication Date: 5/6/2020

Reference Information

ZDI: ZDI-20-586

Detections

Analytics