RealWin Integer Overflow Vulnerability

Vulnerability

Multiple functions listening on 910/TCP and 912/TCP are susceptible to heap and stack-based buffer overflow vulnerabilities, which may allow remote execution of arbitrary code.

The part of the server listening on port 910 is vulnerable to buffer overflows during the handling of the On_FC_MISC_FCS_MSGBROADCAST and On_FC_MISC_FCS_MSGSEND packets: the server allocates an amount of memory equal to the 32-bit size value provided by the client plus 0x16, which results in a heap overflow during the subsequent copy of the input data.

List of the vulnerable functions:
- realwin_6a: 004326f0
- realwin_6b: 00432ae0
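
The size arithmetic described above, next to a checked form, as an added example (not RealWin code and not part of the advisory). It shows how a 32-bit "client size plus 0x16" sum can wrap to a small allocation, consistent with the integer overflow named in the title. The function names, the MAX_MSG limit and the buffer layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EXTRA   0x16u           /* constant the advisory says is added to the client size */
#define MAX_MSG (64u * 1024u)   /* assumed policy limit, not taken from the advisory */

/* Allocation size computed as described: 32-bit client size plus 0x16, no range check.
 * The sum wraps modulo 2^32 for any client_len above 0xFFFFFFE9. */
uint32_t unchecked_alloc_size(uint32_t client_len)
{
    return client_len + EXTRA;
}

/* Hardened form: refuse a length that exceeds policy, would wrap, or claims more
 * bytes than were actually received. Returns 0 and sets *out on success, else -1. */
int checked_alloc_size(uint32_t client_len, size_t received, uint32_t *out)
{
    if (client_len > MAX_MSG) return -1;
    if (client_len > UINT32_MAX - EXTRA) return -1;   /* explicit wrap guard */
    if ((size_t)client_len > received) return -1;
    *out = client_len + EXTRA;
    return 0;
}

/* Copy a payload behind an EXTRA-byte prefix (assumed layout); NULL on rejection. */
uint8_t *copy_message(const uint8_t *payload, size_t received, uint32_t client_len)
{
    uint32_t alloc;
    if (checked_alloc_size(client_len, received, &alloc) != 0) return NULL;
    uint8_t *buf = calloc(1, alloc);
    if (buf != NULL) memcpy(buf + EXTRA, payload, client_len);
    return buf;
}

int main(void)
{
    const uint8_t sample[] = "ABCDEFGH";   /* constructed payload */
    uint8_t *ok = copy_message(sample, 8, 8);
    printf("unchecked size for 0xFFFFFFFF: 0x%x\n", (unsigned)unchecked_alloc_size(0xFFFFFFFFu));
    printf("valid message accepted: %d\n", ok != NULL);
    printf("oversized length rejected: %d\n", copy_message(sample, 8, 0xFFFFFFFFu) == NULL);
    free(ok);
    return 0;
}
```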

Affected Systems

  • All versions of RealWin 2.1.10 and older.

Impact

A remote attacker can cause the device to crash, operate incorrectly, or gain unauthorized access and may be able to execute arbitrary code. Failed exploit attempts may result in a denial-of-service condition.

Detection

Digital Bond has not released a Quickdraw IDS Signature for this vulnerability at this time.

Remediation

Users should upgrade to the 2/14/11 release of RealWin, version 2.1.11.

External Links

ICS-ALERT-11-080-04 MULTIPLE VULNERABILITIES IN REALFLEX REALWIN