Buffer Overflow Vulnerability Note
Security researcher Luigi Auriemma has disclosed information on a buffer overflow vulnerability in IntegraXor. He presented this vulnerability at the S4 conference yesterday. We would like to thank ICS-CERT for notifying the IGX development team accordingly.
IGX developers patched the reported vulnerability and released the fix on the same day the report was received. The fix is included in the latest release, which can be obtained at this link: http://www.integraxor.com/download/rc.msi?4.1.4390. All releases before build 4390 are affected by this vulnerability. Please download and use this build or any later release to fix this vulnerability.
One of the prerequisites for this vulnerability is having the full path of the project URL, so please avoid sharing or publishing the deployed project URL. Also avoid using the system default port number.
Summary of Event
- 15-Jan-2014: Security researcher presented at the S4 conference.
- 15-Jan-2014: ICS-CERT contacted the IntegraXor support team.
- 16-Jan-2014: Technical report for the vulnerability is received.
- 16-Jan-2014: Security fix is issued as Release Candidate for general download.
- 16-Jan-2014: Public announcement is made by the IntegraXor support team.