// back

Motorola Netopia netOctopus SDCS Stack Buffer Overflow Vulnerability

07.14.08

BACKGROUND

The Software Distribution Center Server (SDCS) is used to remotely install and manage software on client computers throughout an enterprise. The product is no longer supported, and does not have a landing page.

DESCRIPTION

Remote exploitation of a stack-based buffer overflow vulnerability in Motorola Inc.'s Netopia netOctopus SDCS could allow an attacker to execute arbitrary code with the privileges of the affected service.

The vulnerability exists within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifies the number of bytes that follow. This value is not validated, and is then used to read data into a fixed-size stack buffer. This results in an exploitable stack buffer overflow.

ANALYSIS

Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the affected service, usually SYSTEM. To exploit this vulnerability, all an attacker requires is the ability to connect to the targeted server via TCP port 3814.

DETECTION

iDefense has confirmed the existence of this vulnerability in Netopia netOctopus SDCS version 5.1.2. Previous versions may also be affected.

WORKAROUND

iDefense is currently unaware of any workaround for this issue.

VENDOR RESPONSE

Motorola has ceased support for this product. They have provided the following guidance to existing customers "To prevent these attacks, the user should discontinue use of the netOctopus SDC." Additional information can be found on their site.

http://www.netopia.com/software/products/netoctopus/signin.jsp

CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-2153 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

DISCLOSURE TIMELINE

04/24/2008 - Initial vendor contact
07/14/2008 - Initial vendor response (product is discontinued)
07/14/2008 - Public disclosure

CREDIT

This vulnerability was reported to iDefense by Stephen Fewer of Harmony Security (www.harmonysecurity.com)

Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events
http://labs.idefense.com/

LEGAL NOTICES

Copyright © 2010 Verisign, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customer service for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.