Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure

[kap () UAKRON EDU (Keith Piepho)]

At 06:47 PM 12/1/99 -0800, you wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> ISS Security Advisory
> December 1, 1999
>
> Buffer Overflow in Netscape Enterprise and FastTrack Authentication
> Procedure
>
> Synopsis:
>
> Netscape Enterprise Server and Netscape FastTrack Server are widely used
> Internet web servers. Internet Security Systems (ISS) X-Force has discovered
> a vulnerability in Netscape Enterprise Server and Netscape FastTrack
> Server, as well as in the Administration Server supplied with both. There
> is a buffer overflow in the HTTP Basic Authentication that can be used to
> execute code on the machine as SYSTEM in Windows NT or as root or nobody
> in Unix, without requiring authentication. The Administration Service runs
> as root in Unix, the Application Server runs as the user 'nobody' by
> default.
>
> Affected Versions:
>
> This vulnerability affects all supported platforms of Enterprise and
> FastTrack web servers. Enterprise 3.5.1 through 3.6sp2 and FastTrack 3.01
> were found to be vulnerable. Earlier versions may be vulnerable but were not
> tested by ISS X-Force.

Does anyone know if this problem is fixed in 3.6sp3?  The release notes for
sp3 include the following fixes:

         359884.   Buffer overflow on large requests causes Security problems.
         363755.   Buffer overflow in the HTTP Basic authentication.

That second one certainly sounds very similar, but does anyone know for sure?


--
Keith Piepho                    kap () uakron edu
Technical Services              (330) 972-6130
The University of Akron