Signature Detail
Short Name |
APP:AGENTX-RECEIVE-INT-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
AgentX++ receive_agentx Integer Overflow |
Release Date |
2010/10/14 |
Update Number |
1792 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: AgentX++ receive_agentx Integer Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in multiple products that use the AgentX++ software. It is due to an integer overflow error in AgentX::receive_agentx function that can lead to a heap buffer overflow. A remote unauthenticated attacker can exploit this by sending maximum payload length value in a packet to the target server. A successful attack allows for arbitrary code injection and execution with the privileges of the server process. Code injection that does not result in execution can terminate the application due to memory corruption and can result in a denial-of-service condition.
Extended Description
AgentX++ is prone to a remote code-execution vulnerability. Exploiting this issue can let attackers execute arbitrary code within the context of the user running the AgentX master process; in some cases, the superuser may be the owner of the process. Failed attempts may cause the application to crash, denying service to legitimate users. AgentX++ 1.4.16 is vulnerable; other versions may also be affected. In addition, these issues affect versions prior to Helix Server and Helix Mobile Server 14.0. NOTE: This issue was previously covered in BID 39490 (RealNetworks Helix and Helix Mobile Server Multiple Remote Code Execution Vulnerabilities) but has been given its own record to better document it.
Affected Products
- Frank Fock AgentX++ 1.4
- Frank Fock AgentX++ 1.4.16
- Real Networks Helix Mobile Server 11.1.2
- Real Networks Helix Mobile Server 11.1.4
- Real Networks Helix Mobile Server 11.1.6
- Real Networks Helix Mobile Server 11.1.7
- Real Networks Helix Mobile Server 11.1.8
- Real Networks Helix Mobile Server 12.0.0
- Real Networks Helix Mobile Server 12.0.1
- Real Networks Helix Mobile Server 12.0.1 .215
- Real Networks Helix Mobile Server 13.0.0
- Real Networks Helix Server 11.1.2
- Real Networks Helix Server 11.1.4
- Real Networks Helix Server 11.1.6
- Real Networks Helix Server 11.1.7
- Real Networks Helix Server 11.1.8
- Real Networks Helix Server 12.0.0
- Real Networks Helix Server 12.0.1
- Real Networks Helix Server 12.0.1 .215
- Real Networks Helix Server 13.0.0
References
- BugTraq: 39561
- CVE: CVE-2010-1319