Server crash monitor easy to crash
Popular sysadmin tool Up.Time from Idera software needs patching, with bugs exposing it to denial-of-service attacks and possible remote code execution. The bugs in the server monitoring tool (now known as Uptime Infrastructure Monitor), outlined by the Carnegie-Mellon CERT here, cover three CVEs: CVE-2015-2894, CVE-2015-2895 and CVE-2015-2896. The first of these is an uncontrolled format string, in Up.Time 6.0 and 7.2, allowing an attacker to crash the application by sending %n or %s as format ...