[NT] Flaw in Internet Scanner Parsing Mechanism

From: support@securiteam.com
Date: 09/22/02


From: support@securiteam.com
To: list@securiteam.com
Date: Sun, 22 Sep 2002 12:00:45 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Flaw in Internet Scanner Parsing Mechanism
------------------------------------------------------------------------

SUMMARY

ISS X-Force has learned of a text-parsing flaw within Internet Scanner.
Internet Scanner incorrectly parses improperly formatted Web response
messages. This flaw may lead to a buffer overflow within Internet Scanner.

DETAILS

Affected Versions:
Internet Scanner 6.2.1 for Windows NT and Windows 2000

Impact:
The Internet Scanner response-parsing flaw may lead to a denial of service
(DoS) attack or remote command execution on the vulnerable Internet
Scanner server. This attack can only be launched if an attacker configures
a non-standard condition on a computer within the licensed address range.
The attack cannot be launched unless the attacker runs Internet Scanner or
waits for Internet Scanner to be launched by an authorized third party.

Description:
Internet Scanner is a network security vulnerability assessment product.
Vulnerability Assessment products are used to probe networks and
networking devices for security vulnerabilities. Internet Scanner operates
by probing devices across a network and interpreting responses. From this
information, Internet Scanner can discover if a device is vulnerable to
many specific issues.

There is a flaw in how Internet Scanner interprets certain types of
non-standard HTTP responses. If Internet Scanner receives an overly long
and specifically constructed response, a buffer overflow condition may be
triggered. This flaw may cause Internet Scanner to crash, or may allow
arbitrary commands to be executed. Internet Scanner can recover from
a crash, and no data is lost.

Recommendations:
Internet Security Systems has developed a fix for this vulnerability,
which is included in the X-Press Update 6.17. The XPU is available now at
http://www.iss.net/download, or it can be
downloaded and installed using the Internet Scanner X-Press Update
Installer. The XPU also includes a check (MalformedHttpStatusResponse) to
identify systems with nonstandard HTTP responses.
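
The kind of bounded parsing the flaw described above calls for, as an added example that is not ISS code and not part of the original advisory: a status-line parser for a scanning client that limits every read and copy and reports overlong or non-standard responses instead of processing them. The advisory does not publish the exact flaw; the function name, size limits and result codes below are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_STATUS_LINE 512  /* assumed cap on an acceptable status line */
#define MAX_REASON      64   /* assumed size of the caller's reason buffer */

enum status_result { STATUS_OK = 0, STATUS_TOO_LONG, STATUS_MALFORMED };

/* Parse "HTTP/x.y NNN reason\r\n" from an untrusted response of resp_len bytes.
 * Never reads past resp_len and never writes more than MAX_REASON bytes. */
enum status_result parse_status_line(const char *resp, size_t resp_len,
                                     int *code, char reason[MAX_REASON])
{
    /* Locate the end of line inside a bounded window instead of trusting
     * the peer to terminate the line (no strlen/strcpy/sscanf("%s")). */
    size_t window = resp_len < MAX_STATUS_LINE ? resp_len : MAX_STATUS_LINE;
    const char *eol = memchr(resp, '\n', window);
    if (eol == NULL)
        return resp_len >= MAX_STATUS_LINE ? STATUS_TOO_LONG : STATUS_MALFORMED;

    size_t len = (size_t)(eol - resp);
    if (len > 0 && resp[len - 1] == '\r')
        len--;

    /* Fixed prefix "HTTP/d.d " followed by exactly three digits. */
    if (len < 12 || memcmp(resp, "HTTP/", 5) != 0 ||
        !isdigit((unsigned char)resp[5]) || resp[6] != '.' ||
        !isdigit((unsigned char)resp[7]) || resp[8] != ' ')
        return STATUS_MALFORMED;
    for (size_t i = 9; i < 12; i++)
        if (!isdigit((unsigned char)resp[i]))
            return STATUS_MALFORMED;
    if (len > 12 && resp[12] != ' ')
        return STATUS_MALFORMED;          /* e.g. a four-digit status code */
    *code = (resp[9] - '0') * 100 + (resp[10] - '0') * 10 + (resp[11] - '0');
    if (*code < 100)
        return STATUS_MALFORMED;

    /* Copy the reason phrase only after checking it fits, then terminate. */
    size_t rlen = len > 13 ? len - 13 : 0;
    if (rlen >= MAX_REASON)
        return STATUS_TOO_LONG;
    if (rlen > 0)
        memcpy(reason, resp + 13, rlen);
    reason[rlen] = '\0';
    return STATUS_OK;
}
```

A caller would log `STATUS_TOO_LONG` and `STATUS_MALFORMED` as findings about the scanned host rather than retrying with a larger buffer.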

Credits:
X-Force would like to thank Foundstone for its research and cooperation in
reporting this vulnerability.

ADDITIONAL INFORMATION

The information has been provided by X-Force (alert@iss.net).
