tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
| Link | Tags |
|---|---|
| http://secunia.com/advisories/39752 | third party advisory vendor advisory |
| http://www.kb.cert.org/vuls/id/602801 | us government resource third party advisory patch |
| http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html | |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | exploit |
| http://www.securityfocus.com/archive/1/511176/100/0/threaded | mailing list |
| http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf | patch vendor advisory |