iDefense Security Advisory 04.15.10 - Remote exploitation of an integer overflow vulnerability within AgentX++, as distributed with multiple vendors' products, allows attackers to execute arbitrary code with the privileges of the AgentX master process. This vulnerability exists within the AgentX::receive_agentx function. If an attacker sends a request specifying the maximum 32-bit integer as the payload length, adding one will cause an integer overflow, resulting in the allocation of a "0" size buffer. Since an attacker can send as much, or as little, data as they wish, they can overflow the allocated heap buffer by an arbitrary amount.
176f4add59ab7e2454b1c942cc75564e4ab4b26ebd3fe4762e5e77e44a63a6b2