Cogent DataHub Multiple Vulnerabilities
September 13, 2011 (revised October 7, 2011)
Luigi Auriemma has disclosed publically mulitple
vulnerabilities with the Cogent DataHub application.
Cogent DataHub is prone to a directory-traversal
vulnerability and an information-disclosure vulnerability
because the application fails to sufficiently sanitize
user-supplied input.
Exploiting the issues may allow an attacker to obtain
sensitive information that could aid in further attacks.
Cogent DataHub is prone to multiple buffer-overflow and
integer-overflow vulnerabilities.
Successfully exploiting these issues may allow attackers to
execute arbitrary code within the context of the privileged
domain (Dom0). Failed attempts will likely cause
denial-of-service conditions.
Cogent has confirmed that the following products are
affected:
- Cogent DataHub ALL Version 7 until 7.1.2
- OPC DataHug PRIOR to Version 6.4.20
- Cascade DataHub ALL of Version 6.6.4.20