Executive Summary

Summary
Title Autodesk Backburner Manager contains a stack-based buffer overflow vulnerability
Informations
Name VU#732760 First vendor Publication 2016-03-28
Vendor VU-CERT Last vendor Modification 2016-03-28
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#732760

Autodesk Backburner Manager contains a stack-based buffer overflow vulnerability

Original Release date: 28 Mar 2016 | Last revised: 28 Mar 2016

Overview

Autodesk Backburner 2016, version 2016.0.0.2150 and earlier, fails to properly check the length of command input which may be leveraged to create a denial of service condition or to execute arbitrary code.

Description

CWE-121: Stack-based Buffer Overflow - CVE-2016-2344

The Autodesk Knowledge Network describes Backburner as network-rendering management software that supports Autodesk products. The Backburner Manager process listens on TCP/UDP port 3234 by default, though the user may configure the application to use another port. Also note that the process listens on other ports, which may also expose the vulnerability. There is no authentication scheme to restrict access to the service, and the length of command input is not checked. An unauthenticated attacker may directly send specially crafted commands to the interface to overflow the stack buffer, which may be leveraged to crash the service or to gain arbitrary code execution in the context of the user who started the service. Since the software by design permits unauthenticated users to execute arbitrary commands using the cmdjob utility (refer to CVE-2007-4749), the CVSS score below only accounts for exploitation to achieve denial of service.

Note that in the original Symantec disclosure document describing CVE-2007-4749, the vendor advises users concerned by the security implications to "remove the cmdjob utility from his system." This is not a suitable workaround since the absence of the cmdjob client on the server host has no effect on a remote user's ability to run the cmdjob utility on another system or to produce the network traffic that the official cmdjob client generates.

Impact

A remote, unauthenticated attacker can execute arbitrary code and create a denial of service condition in Backburner 2016.

Solution

The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workaround.

Restrict access

Restrict access to the Backburner 2016 manager.exe service to trusted users and networks. By default, the service listens on TCP/UDP port 3234 in addition to others that should be identified by a system administrator.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Autodesk, IncAffected09 Dec 201528 Mar 2016
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base7.8AV:N/AC:L/Au:N/C:N/I:N/A:C
Temporal7.4E:F/RL:U/RC:C
Environmental1.8CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

References

  • https://knowledge.autodesk.com/support/3ds-max/troubleshooting/caas/CloudHelp/cloudhelp/2016/ENU/Installation-3DSMax/files/GUID-F6732A30-821C-4547-9FAA-E46BCA13392A-htm.html
  • https://cwe.mitre.org/data/definitions/121.html
  • https://knowledge.autodesk.com/support/3ds-max/troubleshooting/caas/sfdcarticles/sfdcarticles/Backburner-Network-Port-Configuration.html
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4749
  • http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-008.txt

Credit

Thanks to Alex Ondrick for reporting this vulnerability.

This document was written by Joel Land and Will Dormann.

Other Information

  • CVE IDs:CVE-2016-2344
  • Date Public:28 Mar 2016
  • Date First Published:28 Mar 2016
  • Date Last Updated:28 Mar 2016
  • Document Revision:25

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/732760

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
50 % CWE-16 Configuration

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
40509 Autodesk Backburner Manager Server cmdjob Utility Arbitrary Remote Command Ex...

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2016-03-30 05:28:09
  • Multiple Updates
2016-03-29 05:29:04
  • Multiple Updates
2016-03-28 17:23:23
  • First insertion