CVE-2015-2895

Published: 31/12/2015 Updated: 31/12/2015
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote malicious users to execute arbitrary code via long command input.

Vulnerable Product

idera uptime infrastructure monitor 7.4

Recent Articles

Downtime for Up.Time: time to patch some bugs
The Register • Richard Chirgwin • 09 Dec 2015

Server crash monitor easy to crash

Popular sysadmin tool Up.Time from Idera software needs patching, with bugs exposing it to denial-of-service attacks and possible remote code execution. The bugs in the server monitoring tool (now known as Uptime Infrastructure Monitor), outlined by the Carnegie-Mellon CERT here, cover three CVEs: CVE-2015-2894, CVE-2015-2895 and CVE-2015-2896. The first of these is an uncontrolled format string, in Up.Time 6.0 and 7.2, allowing an attacker to crash the application by sending %n or %s as format ...