J-Security Center

Title: NetCat Exec Mode Client Request Buffer Overflow Vulnerability

Severity: CRITICAL

Description:

NetCat is prone to a remotely exploitable buffer overflow. The issue is exposed when the program handles a client request while listening in exec mode, which is specified by the '-e' command line option.

The specific issue is reported to exist in DNS-related code and may be triggered by sending a client request that is over 256 bytes in length. This may allow an attacker to corrupt adjacent regions of stack memory with attacker-supplied data. In this manner, it is possible to influence the execution flow of the application by overwriting a sensitive value in memory, such as a saved instruction pointer.

Successful exploitation will allow execution of arbitrary code in the context of the program.

This issue affects the Windows port; it is not known or confirmed to affect the UNIX-based netcat utility.
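
The class of bug described above, as an added C example (not NetCat source code and not part of the advisory): a request handler with a fixed stack buffer, first with the unchecked copy and then with the length check that rejects oversized requests. The function names, status codes and the 256-byte buffer size are assumptions chosen to match the threshold the advisory reports.

```c
#include <stddef.h>
#include <string.h>

#define REQ_BUF_SIZE 256 /* assumed: matches the advisory's 256-byte threshold */

enum { REQ_OK = 0, REQ_TOO_LONG = -1, REQ_BAD_ARG = -2 };

/* Unsafe pattern, for contrast only (hypothetical, not NetCat source): the
 * peer-controlled length is never compared with the stack buffer's size. */
int stage_request_unsafe(const char *req, size_t req_len, char *out)
{
    char buf[REQ_BUF_SIZE];
    memcpy(buf, req, req_len); /* a req_len of 256 or more writes past buf */
    buf[req_len] = '\0';
    strcpy(out, buf);
    return REQ_OK;
}

/* Hardened form: validate lengths before any byte is copied. */
int stage_request_checked(const char *req, size_t req_len,
                          char *out, size_t out_size)
{
    char buf[REQ_BUF_SIZE];

    if (req == NULL || out == NULL || out_size == 0)
        return REQ_BAD_ARG;
    if (req_len >= sizeof buf)          /* keep one byte for the terminator */
        return REQ_TOO_LONG;

    memcpy(buf, req, req_len);
    buf[req_len] = '\0';

    /* Drop the trailing CR/LF a line-oriented client sends. */
    while (req_len > 0 && (buf[req_len - 1] == '\r' || buf[req_len - 1] == '\n'))
        buf[--req_len] = '\0';

    if (req_len >= out_size)            /* the caller's buffer is bounded too */
        return REQ_TOO_LONG;
    memcpy(out, buf, req_len + 1);
    return REQ_OK;
}
```

The checked version fails closed: an oversized request is rejected before the copy and the caller's output buffer is left untouched.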

Affected Products:

  • NetCat NetCat 1.1.0
