Microsoft Dynamics GP DPS and DPM IP address buffer overflow (DPS_IpAddr_Overflow)

About this signature or vulnerability

RealSecure Desktop, Proventia Server IPS for Linux technology, Proventia Desktop, Proventia Network IPS, BlackICE PC Protection, BlackICE Server Protection, RealSecure Server Sensor, RealSecure Network, Proventia Network IDS, Proventia-G 1.1 and earlier, IBM Security Server Protection for Windows, Proventia Network MFS, Virtual Server Protection for Vmware:

This signature reports DPS messages which have an excessively long IP address string.


Default risk level

High risk vulnerability  High

Sensors that have this signature

RealSecure Desktop: epu, Proventia Server IPS for Linux technology: 1.88, Proventia Desktop: 1890, Proventia Network IPS: XPU 1.88, BlackICE PC Protection: 3.6cpu, BlackICE Server Protection: 3.6.cpu, RealSecure Server Sensor: XPU 24.49, RealSecure Network: XPU 24.49, Proventia Network IDS: XPU 24.49, Proventia-G 1.1 and earlier: XPU 24.49, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Network MFS: XPU 1.88, IBM Security Server Protection for Windows: 1.0.914.1890, Virtual Server Protection for Vmware: 1.0

Systems affected

Microsoft Business Solutions Great Plains: 7.5, Microsoft Business Solutions Dynamics: 6.0, Microsoft Business Solutions Dynamics: 7.0, Microsoft Dynamics GP: 9.0

Type

Unauthorized Access Attempt

Vulnerability description

Microsoft Dynamics GP (formerly known as Great Plains) is vulnerable to multiple stack and heap-based buffer overflows in the Distributed Process Server (DPS) and Distributed Process Manager (DPM) components. By sending a specially-crafted DPS message containing an overly long IP address, a remote attacker could overflow a buffer and execute arbitrary code on the system.

How to remove this vulnerability

Upgrade to the latest version of Microsoft Dynamics GP (9.0 SP3 or 10.0 or later), available from the Microsoft Web site. See References.

References

Microsoft Web site
What's new in Microsoft Dynamics GP 10.0
http://www.microsoft.com/dynamics/gp/product/10.mspx

ISS X-Force
Microsoft Dynamics GP DPS and DPM IP address buffer overflow
http://www.iss.net/security_center/static/25841.php

CVE
CVE-2006-5266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5266