APP: eSignal Buffer Overflow Exploit

This signature detects attempts to exploit a known vulnerability against eSignal, a real-time market data and support tool. Attackers can send maliciously crafted data in a STREAMQUOTE or SNAPQUOTE message, to overflow the buffer and execute code remotely.

Extended Description

It has been reported that eSignal is prone to a remote buffer overflow vulnerability. This issue is due to the application failing to verify the size of user input before storing it in a finite buffer. This issue may be leveraged by an attacker to modify process memory. This may cause a denial of service condition in the process as a result of the memory manipulation. The attacker may further leverage this issue in order to execute arbitrary code; this code would be executed in the security context of the user running the affected process. This issue is reported to affect versions 7.5 and 7.6 of the software. It is quite likely however that earlier versions are affected as well.

Affected Products

Esignal esignal

Short Name
APP:ESIGNAL:OVERFLOW-EXPLOIT
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Buffer CVE-2004-1868 Exploit Overflow bid:9978 eSignal
Release Date
04/01/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3725
Port
TCP/80
False Positive
Unknown
Vendors

Esignal

CVSS Score

7.5

Found a potential security threat?