TITLE:
MG-SOFT Net Inspector Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA29421

VERIFY ADVISORY:
http://secunia.com/advisories/29421/

CRITICAL:
Moderately critical

IMPACT:
Exposure of system information, Exposure of sensitive information, DoS, System access

WHERE:
From remote

SOFTWARE:
MG-SOFT Net Inspector 6.x
http://secunia.com/product/17951/

DESCRIPTION:
Luigi Auriemma has discovered some vulnerabilities in MG-SOFT Net Inspector, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

1) A format string error in the Net Inspector HTTP server (mghttpd) can be exploited via a specially crafted HTTP GET request containing format string specifiers.

Successful exploitation may allow execution of arbitrary code.

2) Input passed via e.g. an HTTP GET request to the Net Inspector HTTP Server (mghttpd) is not properly sanitised before being used. This can be exploited to display arbitrary files via directory traversal attacks.

3) An error exists in the SNMP Trap Service (MgWTrap3.exe) when processing UDP requests. This can be exploited to crash an affected service via a UDP packet sent to the arbitrary port on which MgWTrap3.exe is listening.

4) An error exists in the Net Inspector Server (niengine) when processing network packets. This can be exploited to freeze the service via a specially crafted packet sent to TCP port 5221 by default.

The vulnerabilities are confirmed in version 6.5 on Windows.
Other versions may also be affected.

SOLUTION:
Restrict access to trusted users only.

PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma

ORIGINAL ADVISORY:
http://aluigi.altervista.org/adv/netinsp-adv.txt
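
Added example, not part of the Secunia advisory or of the original advisory it links to: a defender-side log check for the two request patterns named in items 1 and 2 (format string specifiers and directory traversal in HTTP GET requests). The function names, finding labels and sample request lines are constructed for illustration, and the matching is a heuristic that assumes the request target is percent-decoded before use.

```python
import re
from urllib.parse import unquote

# printf-style conversion, e.g. %n, %s, %08x, %5$n (item 1: format string specifiers)
FORMAT_SPEC = re.compile(r"%(?:\d+\$)?[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|z)?[diouxXeEfgGcspn]")
# A ".." path segment delimited by / or \ (item 2: directory traversal)
TRAVERSAL = re.compile(r"(?:^|[\\/?=&])\.\.(?:[\\/]|$)")
REQUEST_LINE = re.compile(r"^GET\s+(\S+)")


def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e and double-encoded %252e are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def classify(request_line):
    """Return the set of findings for one HTTP request line (empty set if none)."""
    match = REQUEST_LINE.match(request_line)
    if not match:
        return set()
    target = decode_fully(match.group(1))
    findings = set()
    # unquote() leaves "%n" or "%s" untouched because they are not valid
    # %XX escapes, so any conversion still present after decoding is suspect.
    if FORMAT_SPEC.search(target):
        findings.add("format-string")
    if TRAVERSAL.search(target):
        findings.add("directory-traversal")
    return findings


# Constructed sample request lines, not taken from the advisory.
SAMPLES = [
    "GET /index.html HTTP/1.0",
    "GET /status%20page.html HTTP/1.0",
    "GET /%25n%25s HTTP/1.0",
    "GET /..%5c..%5cfile.txt HTTP/1.0",
    "GET /%252e%252e/%x HTTP/1.0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{sorted(classify(line)) or 'clean'}  {line}")
```

A literal percent sign followed by a letter in a legitimate URL (for example a decoded "50%discount") will also be flagged, so treat hits as leads to review rather than confirmed attacks.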