Title: The Net CheckBo Denial of Service Vulnerability
Severity: MODERATE
Description:
The Net CheckBo is a program that detects and tracks trojan, Back Orifice, Netbus and Backdoor-G attacks.
A denial of service vulnerability exists in this service. An attacker who sends invalid input (80000 arbitrary characters) to TCP port 54320, 20034, 12345, 12346, 31337, 31666, 1243 or 6713 causes the 'CHECKBO.EXE' process to terminate, possibly along with other applications that depend on it. This is believed to be the result of a buffer overflow condition. If so, it may be possible for an attacker to execute arbitrary code through this vulnerability.
It has been reported that CheckBo's alert component will inform the target user of the attacker's connection. Following the alert prompt, an application error message is displayed:
'Application Error.
Exception ElInvalidOperation in module CHECKBO.EXE at 00026450. Text exceeds memo capacity'
A restart of the server is required in order to restore normal functionality.
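The failure described above begins with an oversized amount of peer data reaching the listener and its alert component. The following Python sketch is an added example (not CheckBo's code and not part of the original advisory) of a trap listener's read path that keeps only a bounded amount of what a connection sends before building the alert text. The limits, function names and the sample peer address 192.0.2.10 are assumptions; the port list is the one given above.

```python
import socket
import threading

# Ports are the ones listed in the advisory; the limits are assumptions for this sketch.
TRAP_PORTS = (54320, 20034, 12345, 12346, 31337, 31666, 1243, 6713)
MAX_CAPTURE = 512        # bytes of peer data kept for the alert text
MAX_DRAIN = 1 << 20      # stop reading after this many further bytes


def read_capped(conn, max_capture=MAX_CAPTURE, max_drain=MAX_DRAIN, timeout=2.0):
    """Read from conn, keeping at most max_capture bytes and counting the rest.

    Returns (kept, total_seen); memory use stays bounded however much the peer sends.
    """
    conn.settimeout(timeout)
    kept = bytearray()
    total = 0
    while total < max_capture + max_drain:
        try:
            chunk = conn.recv(4096)
        except socket.timeout:
            break
        if not chunk:          # peer closed the connection
            break
        total += len(chunk)
        kept += chunk[:max(0, max_capture - len(kept))]
    return bytes(kept), total


def format_alert(peer, port, kept, total):
    """Build a short, printable alert line from untrusted peer data."""
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in kept)
    suffix = f" [truncated, {total} bytes received]" if total > len(kept) else ""
    return f"connection from {peer} to port {port}: {text}{suffix}"


def demo():
    """Constructed input: a local socket pair stands in for a peer sending 80000 bytes."""
    peer_end, trap_end = socket.socketpair()
    sender = threading.Thread(target=lambda: (peer_end.sendall(b"A" * 80000), peer_end.close()))
    sender.start()
    kept, total = read_capped(trap_end)
    sender.join()
    trap_end.close()
    return kept, total, format_alert("192.0.2.10", TRAP_PORTS[4], kept, total)


if __name__ == "__main__":
    print(demo()[2])
```

The alert line stays a few hundred characters long regardless of how much the peer sends, so whatever displays or logs it never receives the raw, unbounded input.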
Affected Products:
- The Net CheckBo 1.56.0
References:
- The Net: CheckBo Homepage