PT-2017-6723 · Unisys · Scp-Firmware+2

Published: 2017-02-03 · Updated: 2017-03-14

CVE-2015-4049

CVSS v2.0: 5.6 (Medium)

Vector: AV:N/AC:H/Au:S/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions

Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE versions prior to 40.0IC4 Build 270

Description

The issue allows remote authenticated users to cause a denial of service, resulting in data corruption or system crash. This occurs when using program operators during EPSILON (level 5) based codefiles at peak memory usage, triggering CPM stack corruption.

Recommendations

For Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE versions prior to 40.0IC4 Build 270, update to MCP-FIRMWARE version 40.0IC4 Build 270 or later to resolve the issue. As a temporary workaround, consider restricting peak memory usage during EPSILON (level 5) based codefile operations to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2015-4049

Affected Products

Fs600
Scp-Firmware
Unisys Libra