PT-2010-1453 · Juniper Networks · Juniper Odyssey Access Client

Published: 2010-02-15 · Updated: 2010-02-16 · CVE-2009-4643

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Juniper Odyssey Access Client version 4.72.11421.0

Description: The issue is related to a stack-based buffer overflow in the dsInstallerService.dll component of the Juniper Installer Service. This can be exploited by remote attackers who send a long string in a malformed DSSETUPSERVICE CMD UNINSTALL command to the NeoterisSetupService named pipe, allowing them to execute arbitrary code.

Recommendations: For Juniper Odyssey Access Client version 4.72.11421.0, consider restricting access to the NeoterisSetupService named pipe until a patch is available. As a temporary workaround, avoid using the DSSETUPSERVICE CMD UNINSTALL command with long strings. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2009-4643

Affected Products

Juniper Odyssey Access Client