Serving A Buffer Overflow to the Unisys Business Information Server

During the course of your life, I am sure you have heard many people refer to "no news" as "good news". If that is the case and no news actually means good news, then I can apply the same logic and tell you that I have some bad news for you. This news is about a stack based buffer overflow vulnerability that has been reported in Unisys. This vulnerability may allow malicious characters to effectively execute arbitrary codes, with the use of the privileges of the affected server.

The risks with regard to this vulnerability are that malicious individuals will be able to send a packet directly to the Unisys Business information server. This could be performed via a TCP port. The dangers with regard to this actually happening, is that a malicious person would be able to go as far as corrupting the stack based memory as well as being able to effectively execute arbitrary code.

It is crucial for Unisys Business information server users to be aware of the factor that this vulnerability can only be carried out, if manipulated network based attack software is used. In order for this to be effective, the software that needs to be use has to be software which has been designed with the primary goal of being able to effectively exploit this exact vulnerability.

I do have some moderately good news for you, which is that a patch for this vulnerability does exit. However this patch, unfortunately, can only be used on a Windows 2003/Windows 2008 Server. There also needs to be an installed version of the Business Information Server 10.1. The majority of Windows users, should be more than familiar with the Windows 2003 and Windows 2008 Server versions. Some of the files of the Windows Server 2003 may include but are not limited to the following: a302.sys, b5820w2k.sys, CasPol.exe, davcprox.dll, e1000325.sys as well as faxinit.exe.

It may be useful, and is highly suggested, that all users always back up a copy of their data. This will prove useful if an operational error occurs, when you are busy installing this patch. The risks of an installation error are likely and therefore it is important for users to take the concept of a backing up data seriously. It can thus be quoted in conclusion:"Storing files on a computer without any backup is like putting all your eggs in one basket, and then throwing it off a very high cliff. They may be safe for a while, but eventually things will get messy."- T.E. Ronneberg