Full Disclosure mailing list archives
Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow
From: Jared DeMott <demottja () msu edu>
Date: Fri, 08 Jun 2007 13:04:06 -0400
Dennis Rand wrote:
CSIS Security Group has discovered a remote exploitable arbitrary overwrite, in the Blue Coat K9 Web Protection local Web configuration manager on 127.0.0.1 and port 2372.
Justin Seitz of VDA Labs (www.vdalabs.com) already found this bug. Here's the CVE: CVE-2007-1783. They had so many bugs, they're rolling this issue and more into the next release. We have a working PoC, and believe it could be transformed into remote via embedded link. For example: <SCRIPT SRC="http://127.0.0.1:2372/<buffer here> <http://127.0.0.1:2372/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>"></SCRIPT> Blessings, Jared
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow Dennis Rand (Jun 07)
- Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow Valdis . Kletnieks (Jun 08)
- Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow Dennis Rand (Jun 08)
- Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow Jared DeMott (Jun 08)
- Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow Dennis Rand (Jun 08)
- Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow Jared DeMott (Jun 08)
- Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow Dennis Rand (Jun 08)
- Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow Valdis . Kletnieks (Jun 08)