Vulnerability Note VU#732760
Autodesk Backburner Manager contains a stack-based buffer overflow vulnerability
Autodesk Backburner 2016, version 2016.0.0.2150 and earlier, fails to properly check the length of command input which may be leveraged to create a denial of service condition or to execute arbitrary code.
CWE-121: Stack-based Buffer Overflow - CVE-2016-2344
The Autodesk Knowledge Network describes Backburner as network-rendering management software that supports Autodesk products. The Backburner Manager process listens on TCP/UDP port 3234 by default, though the user may configure the application to use another port. Also note that the process listens on other ports, which may also expose the vulnerability. There is no authentication scheme to restrict access to the service, and the length of command input is not checked. An unauthenticated attacker may directly send specially crafted commands to the interface to overflow the stack buffer, which may be leveraged to crash the service or to gain arbitrary code execution in the context of the user who started the service. Since the software by design permits unauthenticated users to execute arbitrary commands using the cmdjob utility (refer to CVE-2007-4749), the CVSS score below only accounts for exploitation to achieve denial of service.
A remote, unauthenticated attacker can execute arbitrary code and create a denial of service condition in Backburner 2016.
The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workaround.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Autodesk, Inc||Affected||09 Dec 2015||28 Mar 2016|
CVSS Metrics (Learn More)
Thanks to Alex Ondrick for reporting this vulnerability.
This document was written by Joel Land and Will Dormann.
- CVE IDs: CVE-2016-2344
- Date Public: 28 Mar 2016
- Date First Published: 28 Mar 2016
- Date Last Updated: 28 Mar 2016
- Document Revision: 25
If you have feedback, comments, or additional information about this vulnerability, please send us email.