Check Point Reference: CPAI-2009-465
Date Published: 31 Jan 2010
Severity: Medium
Last Updated: Thursday 22 January, 2015
Source:
Protection Provided by: Security Gateway
Who is Vulnerable?
Vulnerability Description: Intellicom NetBiter webSCADA is an embedded SCADA (Supervisory Control And Data Acquisition) solution for various hardware devices, providing remote management through web browsers. NetBiter webSCADA ships with a configuration utility, NetBiter Config, used to enumerate and configure compatible devices on the LAN. A buffer overflow vulnerability exists in the Intellicom NetBiter Config utility that can allow arbitrary code execution. The vulnerability is due to a boundary error in 'NetbiterConfig.exe' while parsing a certain parameter. Remote unauthenticated attackers can exploit this vulnerability by sending a crafted UDP packet to port 3250 on the target host. Once the packet is received, a NetBiter Config console user must be enticed to open the received message. Successful exploitation would allow arbitrary code to be executed on the target with the privileges of the currently logged-on user. If code execution is unsuccessful, the service will terminate abnormally.
This protection will detect and block attempts to exploit this vulnerability.
To activate the protection, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab, and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Application Servers Protection Violation.
Attack Information: IntelliCom NetBiter Config utility hostname stack buffer overflow