APP: IntelliCom NetBiter Config Utility Hostname Buffer Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in Intellicom NetBiter Config utility. It is due to a boundary error in "NetbiterConfig.exe" while parsing an overly long "hn" (Hostname) parameter. Remote unauthenticated attackers can exploit this by sending a crafted UDP packet to port 3250 on the target host. Once the packet is received a NetBiter Config console user must be enticed to open the received message. A successful attack allows for executing arbitrary code on the target with the privileges of the currently logged on user. In an unsuccessful attack, the service terminates abnormally.
Extended Description
Intellicom 'NetBiterConfig.exe' is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Affected Products
Intellicom_innovation netbiterconfig.exe
Short Name
APP:MISC:HICP-HOSTNAME
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Buffer CVE-2009-4462 Config Hostname IntelliCom NetBiter Overflow Utility bid:37325
Release Date
10/18/2010
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3336
Port
udp/3250
False Positive
Unknown
Vendors
Intellicom_innovation
CVSS Score
10.0