Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2005

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-2005
Last Modified 13 Mar 2009 01:35:41
Published 06 May 2008 11:20:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2005

Summary

The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure.

Vulnerable Systems

Application

  • Wonderware Intouch 8.0

  • Wonderware Suitelink 2.0


References

CERT-VN - VU#596268

XF - suitelinkservice-slssvc-dos(42221)

BID - 28974

BUGTRAQ - 20080505 CORE-2008-0129 - Wonderware SuiteLink Denial of Service vulnerability

MILW0RM - 6474

MISC - http://www.coresecurity.com/?action=item&id=2187

SECTRACK - 1019966

SECUNIA - 30063


Last Updated: 27 May 2016 10:47:44