CVSS3 | 7.5 High |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

CVSS2 | 7.8 High |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |

EPSS | 0.019 Low |
---|---|
Percentile | 88.4% |

Autodesk Backburner 2016, version 2016.0.0.2150 and earlier, fails to properly check the length of command input which may be leveraged to create a denial of service condition or to execute arbitrary code.
CWE-121: Stack-based Buffer Overflow - CVE-2016-2344
The Autodesk Knowledge Network describes Backburner as network-rendering management software that supports Autodesk products. The Backburner Manager process listens on TCP/UDP port 3234 by default, though the user may configure the application to use another port. Also note that the process listens on other ports, which may also expose the vulnerability. There is no authentication scheme to restrict access to the service, and the length of command input is not checked. An unauthenticated attacker may directly send specially crafted commands to the interface to overflow the stack buffer, which may be leveraged to crash the service or to gain arbitrary code execution in the context of the user who started the service. Since the software by design permits unauthenticated users to execute arbitrary commands using the `cmdjob` utility (refer to CVE-2007-4749), the CVSS score below only accounts for exploitation to achieve denial of service.
Note that in the original Symantec disclosure document describing CVE-2007-4749, the vendor advises users concerned by the security implications to “remove the `cmdjob` utility from his system.” This is not a suitable workaround since the absence of the `cmdjob` client on the server host has no effect on a remote user's ability to run the `cmdjob` utility on another system or to produce the network traffic that the official `cmdjob` client generates.
A remote, unauthenticated attacker can execute arbitrary code and create a denial of service condition in Backburner 2016.
The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workaround.
Restrict access
Restrict access to the Backburner 2016 `manager.exe` service to trusted users and networks. By default, the service listens on TCP/UDP port 3234 in addition to others that should be identified by a system administrator.
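One way an administrator could carry out this workaround on the Windows host running Backburner Manager, as an added example that is not part of the original advisory: it lists every port the `manager.exe` process actually owns and scopes its Windows Firewall allow rules to trusted networks. The trusted range and the dry-run switch are assumptions introduced here; the process name is taken from the advisory.

```powershell
# Added example. Run from an elevated PowerShell session on the Backburner Manager host.
# $TrustedNetworks is a constructed placeholder (documentation range), not from the advisory.
$TrustedNetworks = @('192.0.2.0/24')
$Apply = $false   # leave $false for a dry run (-WhatIf); set $true to change rules

# 1. Find the running Backburner Manager process (manager.exe, as named in the advisory).
$procs = @(Get-Process -Name 'manager' -ErrorAction SilentlyContinue)
if ($procs.Count -eq 0) { throw 'manager.exe is not running; start it so its listeners can be enumerated.' }
$managerPids = $procs.Id
$exePaths = @($procs.Path | Where-Object { $_ } | Sort-Object -Unique)

# 2. List every TCP listener and UDP endpoint it owns, not only port 3234.
$tcp = @(Get-NetTCPConnection -State Listen |
    Where-Object { $managerPids -contains $_.OwningProcess } |
    Select-Object @{ n = 'Protocol'; e = { 'TCP' } }, LocalAddress, LocalPort)
$udp = @(Get-NetUDPEndpoint |
    Where-Object { $managerPids -contains $_.OwningProcess } |
    Select-Object @{ n = 'Protocol'; e = { 'UDP' } }, LocalAddress, LocalPort)
$tcp + $udp | Sort-Object Protocol, LocalPort | Format-Table -AutoSize

# 3. Scope each enabled inbound allow rule for that binary to the trusted networks.
$rules = @(foreach ($exe in $exePaths) {
    Get-NetFirewallApplicationFilter -Program $exe -ErrorAction SilentlyContinue |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }
})
foreach ($rule in $rules) {
    Set-NetFirewallRule -Name $rule.Name -RemoteAddress $TrustedNetworks -WhatIf:(-not $Apply)
}

# 4. Program-scoped rules are not the only way traffic gets in: a port-based or
#    "any program" allow rule can still expose the ports listed in step 2.
if ($rules.Count -eq 0) {
    Write-Warning 'No program-scoped inbound allow rule found for manager.exe; review port-based rules for the ports listed above.'
}
```

Host firewall scoping only limits who can reach the service; it does not add authentication, so the same restriction should also be enforced at the network boundary of the render farm.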
732760
Notified: December 09, 2015 Updated: March 28, 2016
Statement Date: March 25, 2016
Affected
We have reviewed the submission below and determined that it's not an issue. The discovered issue is not applicable as the product port (http) is not meant to be used on an internet facing connection. Deployment of the product service is intranet only. The product is also in maintenance release only and has been for over a year. The port (http) is used to monitor running jobs. There is no sensitive data there and the discovered issue of a possible DDOS means the service would be unavailable at most (though this isn't an internet deployed service as mentioned above.)
We are not aware of further vendor information regarding this vulnerability.
The following points should be considered with respect to the above statement:
• The Backburner Manager process is not an HTTP service. It is a command line interface that can be connected to directly (e.g. telnet).
• Backburner Manager has been observed to listen on multiple ports, though in a default configuration, port 3234 is specified.
• The manner in which Backburner is deployed almost certainly varies by user, regardless of the intentions of the vendor. Users should be aware that it permits the execution of arbitrary code by design (CVE-2007-4749).
• The buffer overflow vulnerability (CVE-2016-2344) may be leveraged to terminate the Backburner service (a denial-of-service condition, not distributed). Code execution is possible, but does not grant any additional advantage to an attacker because of CVE-2007-4749.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23732760 Feedback>).
Group | Score | Vector |
---|---|---|
Base | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Temporal | 7.4 | E:F/RL:U/RC:C |
Environmental | 1.8 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND |
Thanks to Alex Ondrick for reporting this vulnerability.
This document was written by Joel Land and Will Dormann.
CVE IDs: | CVE-2016-2344 |
---|---|
Date Public: | 2016-03-28 |
Date First Published: | |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4749
www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-008.txt
cwe.mitre.org/data/definitions/121.html
knowledge.autodesk.com/support/3ds-max/troubleshooting/caas/CloudHelp/cloudhelp/2016/ENU/Installation-3DSMax/files/GUID-F6732A30-821C-4547-9FAA-E46BCA13392A-htm.html
knowledge.autodesk.com/support/3ds-max/troubleshooting/caas/sfdcarticles/sfdcarticles/Backburner-Network-Port-Configuration.html