Date: Fri, 8 Jun 2007 20:57:22 +0200
From: "Dennis Rand" <rand@...s.dk>
To: "Jared DeMott" <demottja@....edu>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow

Hey Jared 

 

It does not matter when what was discovered as long as it got fixed :)

 

Best regards

Dennis

 

From: Jared DeMott [mailto:demottja@....edu]
Sent: 8 June 2007 19:04
To: Dennis Rand
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow

 

Dennis Rand wrote: 

CSIS Security Group has discovered a remote exploitable arbitrary
overwrite, in the Blue Coat
K9 Web Protection local Web configuration manager on 127.0.0.1 and port
2372.
 
  

Justin Seitz of VDA Labs (www.vdalabs.com) already found this bug.
Here's the CVE: CVE-2007-1783.

 They had so many bugs, they're rolling this issue and more into the
next release.

We have a working PoC, and believe it could be transformed into remote
via embedded link.  For example:
<SCRIPT SRC="http://127.0.0.1:2372/<buffer here>"></SCRIPT>

Blessings,
Jared 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
