Netegrity SiteMinder Affiliate Agent Cookie Overflow

advisories_at_atstake.com
Date: 04/23/04

  • Next message: advisories: "Potential Microsoft PCT worm (MS04-011)" 
    To: <bugtraq@securityfocus.com>
Date: Thu, 22 Apr 2004 19:38:49 -0400

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

                                    @stake, Inc.
                                  www.atstake.com

                                 Security Advisory

    Advisory Name: Netegrity SiteMinder Affiliate Agent Cookie
                   Overflow
     Release Date: 04/22/2004
      Application: SiteMinder Affiliate Agent 4.x
         Platform: Solaris, Windows, HP-UX
         Severity: A remote attacker can execute arbitrary commands
           Author: Jeremy Jethro <jjethro@si.rr.com>
    Vendor Status: Vendor has patch available
    CVE Candidate: CAN-2004-0425 SiteMinder Affiliate Agent Cookie
                   Overflow
        Reference: www.atstake.com/research/advisories/2004/a042204-1.txt

    Overview:

    The SiteMinder Affiliate Agent is a plugin that provides a connection
    from a main portal to an affiliate site without requiring a user to
    re-identify or provide additional information about them. The
    affiliate site can determine that the user has been registered at the
    main portal, and optionally, that the user has an active SiteMinder
    session.

    Details:

    The SMPROFILE cookie is used by the affiliate agent to determine if
    the user has been registered to the main portal. A remotely
    exploitable heap overflow can be triggered by passing a large value
    to the SMPROFILE cookie.

    A Nessus (NASL) script, siteminder_aa.nasl, which can be used to
    scan for vulnerable servers, will be released after a 30 day delay.

    Web servers that use the vulnerable SiteMinder plugin will quit
    responding to requests when the NASL script is executed.

    Vendor Response:

    The handling of HTTP cookies has been modified to correctly process
    cookies of all sizes.

    Please download and install the following package to apply the fix:

         Web Agent 4QMR6 HF-016

    The package is available at https://support.netegrity.com

    Please contact Netegrity Support for more information.

    Toll-free Phone Number (U.S and Canada only):
    (877) 748-3646 (or 877-SITEMINDER)
    International Phone Number:
    +1 (781) 663-7250 or +60 3 2055 3333

    Notification Timeline:

    4/07/2004 Vendor notified of issue
    4/08/2004 Vendor confirms notification
    4/14/2004 Vendor responds that they are fixing issue
    4/21/2004 Vendor informs us that they have a patch available
    4/22/2004 Advisory released

    Recommendation:

    Install the vendor supplied update.

    Install an application level firewall that has cookie size
    filtering and restrict cookie sizes to less that 1024 bytes. This
    may effect other applications.

    Common Vulnerabilities and Exposures (CVE) Information:

    The Common Vulnerabilities and Exposures (CVE) project has assigned
    the following names to these issues. These are candidates for
    inclusion in the CVE list (http://cve.mitre.org), which standardizes
    names for security problems.

      CAN-2004-0425 SiteMinder Affiliate Agent Cookie Overflow

    Open Source Vulnerability Database Project (OSVDB) Information:

      OSVDB ID 5578

    @stake Vulnerability Reporting Policy:
    http://www.atstake.com/research/policy/

    @stake Advisory Archive:
    http://www.atstake.com/research/advisories/

    PGP Key:
    http://www.atstake.com/research/pgp_key.asc

    Copyright 2004 @stake, Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0

    iQA/AwUBQIhUG0e9kNIfAm4yEQJ2EACgk7xl3Dxi2LQyakzl/WqeittV3PIAoNRZ
    lQZmTveIlPgHbMxw1mdrYrdr
    =0dG4
    -----END PGP SIGNATURE-----

  • Next message: advisories: "Potential Microsoft PCT worm (MS04-011)"

    Relevant Pages