Motorola Netopia netOctopus SDCS Multiple Stack Buffer Overflow Vulnerabilities

14.07.08

BACKGROUND

The Software Distribution Center Server (SDCS) is used to remotely install and manage software on client computers throughout an enterprise. The product is no longer supported, and does not have a landing page.

DESCRIPTION

Remote exploitation of multiple stack-based buffer overflow vulnerabilities in Motorola Inc.'s Netopia netOctopus SDCS could allow an attacker to execute arbitrary code with the privileges of the affected service.

The server contains multiple stack-based buffer overflow vulnerabilities that can be triggered anonymously by remote attackers. The first vulnerability occurs when the server reads an untrusted 16-bit value from a packet and then attempts to read that many bytes into a fixed-length stack buffer. This allows an attacker to overwrite arbitrary amounts of stack memory. The second vulnerability occurs when the same 16-bit length value is used to decode attacker-controlled data stored in a stack-based buffer.
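The missing check in both cases is a comparison of the declared length against the buffer's capacity before it is used. The following C sketch is an added example, not code from SDCS or from iDefense; the record layout, the 256-byte capacity, the XOR decode step and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIELD_MAX 256  /* assumed capacity of the fixed-size buffer */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Hypothetical record layout (not the SDCS wire format):
 *   [len_hi][len_lo][len bytes of encoded payload]
 * The flaw class in the advisory is using that 16-bit length (up to 65535)
 * for a read into, and then a decode over, a fixed-size stack buffer
 * without comparing it to the buffer's capacity. */

/* Placeholder decode step; the real transform is not described on the page. */
static void decode_in_place(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= 0x5A;
}

/* Copies and decodes one field from pkt into out (capacity out_cap).
 * The declared length is checked against both the bytes actually received
 * and the destination capacity before any copy or decode happens. */
int read_field(const uint8_t *pkt, size_t pkt_len,
               uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (pkt_len < 2)
        return PARSE_TRUNCATED;
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    if (declared > pkt_len - 2)
        return PARSE_TRUNCATED;      /* header claims more than was sent */
    if (declared > out_cap)
        return PARSE_TOO_LONG;       /* would overrun the fixed buffer */
    memcpy(out, pkt + 2, declared);
    decode_in_place(out, declared);  /* bounded by the validated length */
    *out_len = declared;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed packet: header declares 0xFFFF bytes, one byte follows. */
    const uint8_t pkt[] = {0xFF, 0xFF, 0x41};
    uint8_t field[FIELD_MAX];
    size_t n = 0;
    return read_field(pkt, sizeof pkt, field, sizeof field, &n) == PARSE_TRUNCATED ? 0 : 1;
}
```

Validating once and passing only the validated length to every later step is what keeps the decode pass from repeating the overflow of the read.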

ANALYSIS

Exploitation of these vulnerabilities results in the execution of arbitrary code with the privileges of the affected service, usually SYSTEM. Since both vulnerabilities are stack-based buffer overflows and the application was not compiled with stack cookies, exploitation of these vulnerabilities is trivial.

DETECTION

iDefense has confirmed the existence of these vulnerabilities in Netopia netOctopus SDCS version 5.1.2. Previous versions may also be affected.

WORKAROUND

iDefense is currently unaware of any workarounds for this issue.

VENDOR RESPONSE

Motorola has ceased support for this product. They have provided the following guidance to existing customers: "To prevent these attacks, the user should discontinue use of the netOctopus SDC." Additional information can be found on their site.

http://www.netopia.com/software/products/netoctopus/signin.jsp

CVE INFORMATION

A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not been assigned yet.

DISCLOSURE TIMELINE

03/10/2008 - Initial vendor contact
07/14/2008 - Initial vendor response (product is discontinued)
07/14/2008 - Public disclosure

CREDIT

The discoverer of this vulnerability wishes to remain anonymous.

LEGAL NOTICES

Copyright © 2010 Verisign, Inc.

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customer service for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.