lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <C81131AE0CE8FC48B5B3D1F888FE33A39760D4@maya.csis.local>
Date: Fri, 8 Jun 2007 08:59:50 +0200
From: "Dennis Rand" <rand@...s.dk>
To: <full-disclosure@...ts.grok.org.uk>
Subject: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36
	Overflow

CSIS Security Group has discovered a remote exploitable arbitrary
overwrite, in the Blue Coat
K9 Web Protection local Web configuration manager on 127.0.0.1 and port
2372.

This allows an attacker to perform at least a Denial of Service
condition, on the
usage of internet.

Since the overflow can result in an overwrite of both the return address
and SHE, remote code
execution is possible.

Another attack vector could also be privilege escalation on the local
machine.

The Full advisory can be downloaded at: 
http://www.csis.dk/dk/forside/Bluecoat-k9.pdf


Best regards
Dennis Rand
Malware/Security Researcher
CSIS Security Group
http://www.csis.dk


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ