[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow

To: Dennis Rand <rand@xxxxxxx>
Subject: Re: [Full-disclosure] CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow
From: Jared DeMott <demottja@xxxxxxx>
Date: Fri, 08 Jun 2007 13:04:06 -0400

Dennis Rand wrote:
> CSIS Security Group has discovered a remote exploitable arbitrary
> overwrite, in the Blue Coat
> K9 Web Protection local Web configuration manager on 127.0.0.1 and port
> 2372.
>
>   
Justin Seitz of VDA Labs (www.vdalabs.com) already found this bug.
Here's the CVE: CVE-2007-1783.

 They had so many bugs, they're rolling this issue and more into the
next release.

We have a working PoC, and believe it could be transformed into remote
via embedded link.  For example:
<SCRIPT SRC="http://127.0.0.1:2372/<buffer here>
<http://127.0.0.1:2372/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>"></SCRIPT>

Blessings,
Jared

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow
  - From: Dennis Rand

References:
- [Full-disclosure] CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow
  - From: Dennis Rand

Prev by Date: [Full-disclosure] EEYE: Yahoo Webcam ActiveX Controls Multiple Buffer Overflows
Next by Date: [Full-disclosure] [OpenPKG-SA-2007.021] OpenPKG Security Advisory (wordpress)
Previous by thread: Re: [Full-disclosure] CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow
Next by thread: Re: [Full-disclosure] CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow
Index(es):
- Date
- Thread