Raytheon's SilentRunner vulnerable to Multiple Buffer Overflow says ISS X-Force

posted onAugust 7, 2001
by hitbsecnews

Internet Security Systems (ISS) X-Force in conjunction with ISS Emergency Response Services (ERS) has discovered and researched remote vulnerabilities in Raytheon SilentRunner. SilentRunner is a passive network monitoring, discovery and analysis tool. The SilentRunner collector module is the passive network monitoring component of the program. The collector contains multiple buffer overflow vulnerabilities that may be exploited by an attacker on networks monitored by SilentRunner. Successful exploitation can result in a Denial of Service (DoS) attack against the collector, or execution of arbitrary code on the SilentRunner server....

Internet Security Systems Security Advisory

August 6, 2001

Multiple Buffer Overflow Vulnerabilities in Raytheon SilentRunner

Synopsis:

Affected Versions:

Raytheon SilentRunner 2.0
Raytheon SilentRunner 2.0.1

It is unknown at this time if previous versions of SilentRunner are affected by the vulnerabilities described in this advisory. ISS X-Force recommends that SilentRunner customers contact Raytheon to determine if previous versions are vulnerable.

Description:

SilentRunner is an advanced network analysis system built on top of a passive network monitoring engine. The collector monitors and records network traffic for use within other portions of SilentRunner. SilentRunner can view network activity through its own collector, or import network data from various other sources.

Multiple buffer overflow vulnerabilities exist in the collector (cle.exe) component of SilentRunner. The routines that parse passwords for many common protocols such as POP, HTTP, FTP, etc., do not perform necessary bounds checking on user-supplied passwords. It is possible for any user on any network monitored by a SilentRunner collector to craft long strings that will crash the collector and possibly execute arbitrary code on any system running the SilentRunner collector.

An additional buffer overflow vulnerability exists in the SilentRunner "Knowledge Browser", a traffic analysis component of SilentRunner. The Knowledge Browser does not perform adequate bounds checking on certain long HTTP queries. Any user on a SilentRunner monitored network may craft a long HTTP query, which will be recorded by the SilentRunner collector. If the long HTTP query is processed by the Knowledge Browser, malicious code may be executed on the SilentRunner server. Before the Knowledge Browser can process traffic from the Silent Runner collector, it must be manually started by a SilentRunner operator.

Recommendations:

Raytheon is aware of the vulnerabilities described in this advisory.

SilentRunner version 2.0 is vulnerable to all issues described in this advisory. SilentRunner version 2.0.1 contains fixes for the long password overflow vulnerabilities described above. SilentRunner 2.0.1 remains vulnerable to the long HTTP issue.

ISS X-Force will provide detection and assessment support for these vulnerabilities in upcoming X-Press Updates for RealSecure Network Sensor and Internet Scanner.

Additional Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned the Name CAN-2001-0636 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

Credits:

ISS X-Force would like to thank John Ventura of ISS ERS for discovering this vulnerability.

______

About Internet Security Systems (ISS)
Internet Security Systems is a leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477.

Copyright (c) 2001 Internet Security Systems, Inc.

Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.

Disclaimer

The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.

Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.

Source

Tags

Networking

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs