Title: Raytheon SilentRunner Password Processing Buffer Overflow Vulnerability
Severity: CRITICAL
Description:
SilentRunner is a network traffic monitoring tool offered by Raytheon.
The SilentRunner component responsible for 'sniffing' network traffic is called 'Collector'. Collector contains buffer overflow conditions present when processing passwords for various application protocols.
It may be possible for remote attackers to exploit this vulnerability to crash SilentRunner Collector or execute arbitrary code on the underlying host.
This could be accomplished by sending traffic across an ethernet network monitored by SilentRunner containing an oversized password value (within the specifications of one of the monitored protocols). When the overflow occurs, an attacker may be able to overwrite a function return address with a pointer to shellcode embedded in the packet or placed elsewhere in memory by the attacker. This shellcode would execute with the privileges of the Collector process.
At the very least, an attacker could cause Collector to crash if a critical value such as a return address is corrupted in a manner that causes an invalid memory access.
Affected Products:
- Raytheon SilentRunner 1.6.1
- Raytheon SilentRunner 2.0.0
References:
- Raytheon: SilentRunner Product Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
