Signature Detail

APP: IntelliCom NetBiter Config Utility Hostname Buffer Overflow

This signature detects attempts to exploit a known buffer overflow vulnerability in Intellicom NetBiter Config utility. It is due to a boundary error in "NetbiterConfig.exe" while parsing an overly long "hn" (Hostname) parameter. Remote unauthenticated attackers can exploit this by sending a crafted UDP packet to port 3250 on the target host. Once the packet is received a NetBiter Config console user must be enticed to open the received message. A successful attack allows for executing arbitrary code on the target with the privileges of the currently logged on user. In an unsuccessful attack, the service terminates abnormally.

Extended Description

Intellicom 'NetBiterConfig.exe' is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Affected Products

• IntelliCom Innovation NetBiterConfig.exe 1.3.0

References

• BugTraq: 37325
• CVE: CVE-2009-4462