| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Apr 2009 10:00:34 +0200
From: Secunia Research <remove-vuln@...unia.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Secunia Research: Danske Bank e-Sec Control
Module Error Logging Buffer Overflow
======================================================================
Secunia Research 16/04/2009
- Danske Bank e-Sec Control Module Error Logging Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9
======================================================================
1) Affected Software
* Danske Bank Danske e-Sec Control Module ActiveX control
(DanskeSikker.ocx) version 3.1.0.48.
NOTE: Other versions may also be affected.
======================================================================
2) Severity
Rating: Highly critical
Impact: System compromise
Where: Remote
======================================================================
3) Description of Vulnerability
Secunia Research has discovered a vulnerability in Danske Bank Danske
e-Sec Control Module ActiveX control, which can be exploited by
malicious people to compromise a user's system.
The vulnerability is caused by a boundary error in DanskeSikker.ocx
within an error logging function. This can be exploited to cause a
stack-based buffer overflow by passing overly long input to certain
methods when the ActiveX control has been initialised in a specific
manner.
Successful exploitation allows execution of arbitrary code when e.g.
visiting a malicious web site.
======================================================================
4) Solution
Set the kill-bit for the ActiveX control.
The vendor is reportedly working on a fix.
======================================================================
5) Time Table
16/04/2008 - Vendor notified.
16/04/2008 - Vendor response.
25/06/2008 - Status update requested.
27/06/2008 - Vendor response (responsible person is on holiday, but
will provide status update ASAP).
24/07/2008 - Status update requested.
13/08/2008 - Status update requested.
13/08/2008 - Vendor response.
25/08/2008 - Status update requested.
18/09/2008 - Vendor informed that advisory is going out today.
18/09/2008 - Vendor calls asking for extension.
05/11/2008 - Status update requested.
05/11/2008 - Vendor response (currently no progress).
10/11/2008 - Vendor informed about Secunia Reserach disclosure policy
and informed that a new status update will be requested
in a couple of months.
02/03/2009 - Status update requested.
11/03/2009 - Status update requested again.
17/03/2009 - Vendor provides status update (working on a fix).
20/03/2009 - Vendor reminded of Secunia Research disclosure policy.
Advisory will not be coordinated for more than 1 year.
16/04/2009 - Public disclosure.
======================================================================
6) Credits
Discovered by Carsten Eiram, Secunia Research.
======================================================================
7) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2008-1107 for the vulnerability.
======================================================================
8) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
9) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2008-17/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists