Autodesk Backburner cmdjob Utility Lets Remote Users Execute Arbitrary Commands - SecurityTracker

CVE Reference: CVE-2007-4749

Impact: Execution of arbitrary code via network, Root access via network, User access via network

A vulnerability was reported in Autodesk Backburner, used in several Autodesk products. A remote user can execute arbitrary commands on the target system.

By design and function, a remote user can send commands to the cmdjob utility on TCP port 3234 on the target system to execute arbitrary operating system commands. The commands will run with the privileges of the target service, which are typically administrative privileges.

Dave Hartley and Stephen Kapp of Symantec reported this vulnerability.

The vulnerable component is used in the following Autodesk products: 3ds Max, Combustion, Inferno, Flame, Flint, Fire, Smoke, and Lustre.

A remote user can execute arbitrary commands on the target system with administrative privileges.

No solution was available at the time of this entry. The vendor notes, and the documentation states, that the affected cmdjob function is intended for use only on closed networks. As a workaround, the cmdjob utility can be removed.

This archive entry has one or more follow-up message(s) listed below.

Date: 12-09-2007 (Vendor Issues Fix) Autodesk Backburner cmdjob Utility Lets Remote Users Execute Arbitrary Commands

Subject: SYMSA-2007-008: Autodesk Backburner 3.0.2 System Backdoor
Advisory Title: Autodesk Backburner 3.0.2 : System Backdoor
Author: Dave Hartley and Stephen
Vendor status: Verified by vendor - Workaround Suggested - No Patch

Autodesk Backburner is a facility wide network render manager for
Backburner provides a flexible, centralized solution for tracking and prioritizing background render requests sent by multiple client applications before sending them to available render nodes for

The Autodesk Backburner software remote job queueing tool allows users to submit jobs consisting of operating system commands that will be executed by the Backburner Manager service on the render
The commands are executed with the privileges of the user account that started the Manager service on the remote server.

Backburner is designed to be used by administrators on a closed network. The applications that use Backburner require partial administrative permissions; therefore the service runs with administrative
A malicious attacker could leverage this functionality to gain remote administrative control over the host running the

The default behavior for the tool is to search for available servers
The Backburner Manager Server Service listens by default on TCP port 3234 for incoming jobs and responds to broadcast discover requests by default on UDP port 3234.

The software can be downloaded for free from the vendor's site:

"The backburner package is intended to be used in a closed network
one that does not have routing between its hosts and the rest
If a customer decides that he cannot do without Internet connectivity, he should take the appropriate measures to limit traffic on its subnet so that machines make use of a proxy to access the Internet, to the very least.
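The closed-network guidance in this entry can be checked against flow records by flagging any traffic to the Backburner port (TCP or UDP 3234) that crosses the render subnet boundary. The following is an added example, not part of the advisory or of Autodesk's software; the subnet, the record format and the sample records are constructed assumptions.

```python
import ipaddress

BACKBURNER_PORT = 3234  # TCP job submission and UDP discovery, per the advisory

# Assumption: the closed render-farm subnet (constructed value).
RENDER_SUBNET = ipaddress.ip_network("10.20.0.0/24")

# Constructed sample flow records: "proto src_ip src_port dst_ip dst_port"
SAMPLE_FLOWS = """\
tcp 10.20.0.15 49152 10.20.0.2 3234
udp 10.20.0.15 49153 10.20.0.255 3234
tcp 192.0.2.44 51000 10.20.0.2 3234
tcp 10.20.0.7 50211 198.51.100.9 443
udp 10.30.1.8 40000 10.20.0.2 3234
tcp 10.20.0.9 50500 10.40.0.3 3234
malformed line
"""

def parse_flow(line):
    """Parse one record; return None for anything that does not fit the format."""
    parts = line.split()
    if len(parts) != 5:
        return None
    proto, src, sport, dst, dport = parts
    try:
        return (proto.lower(), ipaddress.ip_address(src), int(sport),
                ipaddress.ip_address(dst), int(dport))
    except ValueError:
        return None

def boundary_violations(text, subnet=RENDER_SUBNET, port=BACKBURNER_PORT):
    """Return flows to the Backburner port that are not fully inside the subnet."""
    findings = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        proto, src, _sport, dst, dport = flow
        if proto not in ("tcp", "udp") or dport != port:
            continue
        src_in, dst_in = src in subnet, dst in subnet
        if src_in and dst_in:
            continue  # traffic that stays inside the closed network is expected
        direction = "inbound" if dst_in else "outbound" if src_in else "transit"
        findings.append((direction, proto, str(src), str(dst)))
    return findings

if __name__ == "__main__":
    for finding in boundary_violations(SAMPLE_FLOWS):
        print(*finding)
```

Inbound findings are the ones that matter most here, since they show a host outside the closed network reaching the Manager service.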