Thursday, January 16, 2014

ICS-CERT Publishes Advisory for Yesterday’s Ecava Alert

Today, in what is probably record time, ICS-CERT published an advisory for the Ecava IntegraXor buffer overflow vulnerability that was reported yesterday in an ICS-CERT alert. The vulnerability was reported yesterday by Luigi at the S4x14 security conference in Miami. Would that all vulnerabilities could be resolved this quickly

ICS-CERT notes that the vulnerability can be remotely exploited by a relatively unskilled attacker using publicly available exploit code. A successful exploit could result in a denial of service.

ICS-CERT reported that Ecava confirmed the existence of the vulnerability and developed a patch for the problem which is now available on-line. Additionally Ecava published a vulnerability notice describing the problem and proposing some additional mitigation measures that can be used to deal with the situation. There is no indication that Luigi has had a chance to verify the efficacy of the mitigation measures/ It is understandable that the Ecava management wants to get this problem addressed as quick as possible since the exploit code is publicly available.

Specifically Ecava notes that to successfully exploit this vulnerability one need the complete project URL. They suggest that users of this system take care not to publish the full URL of projects. They also suggest that system operators not use the default port with the system.

Ecava is to be commended on their quick response to this issue.

No comments:

/* Use this with templates/template-twocol.html */