APP: AgentX++ receive_agentx Integer Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in multiple products that use the AgentX++ software. It is due to an integer overflow error in AgentX::receive_agentx function that can lead to a heap buffer overflow. A remote unauthenticated attacker can exploit this by sending maximum payload length value in a packet to the target server. A successful attack allows for arbitrary code injection and execution with the privileges of the server process. Code injection that does not result in execution can terminate the application due to memory corruption and can result in a denial-of-service condition.
Extended Description
AgentX++ is prone to a remote code-execution vulnerability. Exploiting this issue can let attackers execute arbitrary code within the context of the user running the AgentX master process; in some cases, the superuser may be the owner of the process. Failed attempts may cause the application to crash, denying service to legitimate users. AgentX++ 1.4.16 is vulnerable; other versions may also be affected. In addition, these issues affect versions prior to Helix Server and Helix Mobile Server 14.0. NOTE: This issue was previously covered in BID 39490 (RealNetworks Helix and Helix Mobile Server Multiple Remote Code Execution Vulnerabilities) but has been given its own record to better document it.
Affected Products
Real_networks helix_server
Short Name
APP:AGENTX-RECEIVE-INT-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
AgentX++ CVE-2010-1319 Integer Overflow bid:39561 receive_agentx
Release Date
10/14/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
tcp/705
False Positive
Unknown
Vendors
Frank_fock
Real_networks
CVSS Score
10.0