Multiple functions listening on 910/TCP and 912/TCP are susceptible to heap and stacked-based buffer overflow vulnerabilities which may allow remote execution of arbitrary code.
The part of the server listening on port 910 is vulnerable to some buffer overflows happening during the handling of the On_FC_CTAGLIST_FCS_CADDTAG, On_FC_CTAGLIST_FCS_CDELTAG and On_FC_CTAGLIST_FCS_ADDTAGMS packets where the input strings are copied in a stack buffer of 1024 bytes.
List of the vulnerable functions:
- realwin_3a: 0042f770
- realwin_3b: 0042f670
- realwin_3c: 0042f9c0
- All versions of Realwin 2.1.10 and older.
A remote attacker can cause the device to crash, operate incorrectly, or gain unauthorized access and may be able to execute arbitrary code. Failed exploit attempts may result in a denial-of-service condition.
Digital Bond has not released a Quickdraw IDS Signature for this vulnerability at this time.
Users should upgrade to the 2/14/11 release of RealWin, version 2.1.11.