[VulnWatch] Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS ScannerFrom: Marshall Beddoe (Marshall.email@example.com)
- Previous message: SGI Security Coordinator: "[VulnWatch] IRIX default root umask and coredumps"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 Sep 2002 09:59:34 -0700 From: "Marshall Beddoe" <Marshall.firstname.lastname@example.org> To: "announce" <email@example.com>
Foundstone Research Labs Advisory - 091802-ISSC
Advisory Name: Remotely Exploitable Buffer Overflow in ISS Scanner
Release Date: September 18, 2002
Application: ISS Scanner 6.2.1
Platforms: Windows NT/2000/XP
Severity: Remote code execution
Vendors: Internet Security Systems (http://www.iss.net)
Authors: Tony Bettini (firstname.lastname@example.org)
CVE Candidate: CAN-2002-1122
The license banner HTTP check performed by ISS Scanner does not check
length of the data returned by the web server being tested. As a result,
a malicious host could be configured to return a long HTTP response that
causes code execution on the ISS Scanner host.
A malicious web server could be setup to return a long HTTP result code,
such that when the ISS Scanner attempts to perform a license
advertisement via an HTTP banner check, a reply is returned that
executes arbitrary code on the ISS Scanner host.
ISS has issued a fix for this vulnerability. It is included within
X-Press Update 6.17.
We recommend applying the vendor patch.
The information contained in this advisory is copyright (c) 2002
Foundstone, Inc. and is believed to be accurate at the time of
publishing, but no representation of any warranty is given,
express, or implied as to its accuracy or completeness. In no
event shall the author or Foundstone be liable for any direct,
indirect, incidental, special, exemplary or consequential
damages resulting from the use or misuse of this information.
This advisory may be redistributed, provided that no fee is
assigned and that the advisory is not modified in any way.