CVE-2001-0636

Name of the Vulnerable Software and Affected Versions: Raytheon SilentRunner versions 2.0 through 2.0.1

Description: The issue concerns buffer overflows that can be exploited by remote attackers. There are two main ways this can happen: (1) by causing a denial of service in the collector component (cle.exe) through traffic containing long passwords, or (2) by executing arbitrary commands via long HTTP queries in the Knowledge Browser component.

Recommendations: For version 2.0, consider restricting access to the collector component to prevent denial of service attacks, and limit the length of HTTP queries in the Knowledge Browser component to prevent arbitrary command execution. For version 2.0.1, limit the length of HTTP queries in the Knowledge Browser component to prevent arbitrary command execution, and restrict access to the collector component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.