Netbiter Config NetbiterConfig.exe Device Hostname Remote Overflow

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a program that is affected by a
buffer overflow vulnerability.

Description :

The Netbiter Config utility is installed on the remote Windows host.
It is a configuration utility used to query and set TCP/IP network
settings in NetBiter WebSCADA devices.

According to its version, the installed version of this utility does
not properly handle specially crafted UDP packets with values of the
'hn' parameter longer than 32 bytes.

An anonymous remote attacker may be able to exploit this issue to
overflow the application's stack and thereby execute arbitrary code
subject to the privileges of the user who launched the utility. Note,
though, that the flaw is reportedly triggered only when the user
double-clicks on a list-box item.

See also :

http://www.nessus.org/u?8a34a3fc
http://www.securityfocus.com/archive/1/508449/30/0/threaded
http://support.intellicom.se/showfile.cfm?FID=45
http://support.intellicom.se/getfile.cfm?FID=150&FPID=85

Solution :

Upgrade to Netbiter Config version 1.3.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 43614 ()

Bugtraq ID: 37325

CVE ID: CVE-2009-4462