FastNetMon Community Edition Out-of-Bounds Read Vulnerability in NetFlow v9 Data Processing

A memory safety vulnerability allowing out-of-bounds read has been identified in FastNetMon Community Edition versions through 1.2.9. This issue resides in the NetFlow v9 data flowset processor, specifically within the 'src/netflow_plugin/netflow_v9_collector.cpp' file. The vulnerability arises because the Data template branch iterates over flow records without proper bounds checking against the end of the packet. Exploitation of this flaw could lead to the parser reading arbitrary memory beyond the packet buffer, potentially leaking sensitive information or causing a crash.

Impact

Exploitation of this vulnerability allows for out-of-bounds memory reads, which can lead to information leakage of sensitive data from memory or cause a crash by disrupting the application's normal operation.

Reproduction

The vulnerability can be reproduced by sending a crafted NetFlow v9 template packet followed by a data packet to the FastNetMon collector running on the default UDP port 2055. The template should be designed to exploit the missing bounds check by declaring a record size that exceeds the actual data packet size, causing the collector to read past the intended buffer into adjacent heap memory.

Remediation

Users are advised to firewall the NetFlow port 2055 to allow only recognized router IPs, bind the collector to a specific management interface instead of the default '0.0.0.0', and monitor for anomalous flow record values that could indicate exploitation.