Re: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow

[Jared DeMott <demottja () msu edu>]

Dennis Rand wrote:
> CSIS Security Group has discovered a remote exploitable arbitrary
> overwrite, in the Blue Coat
> K9 Web Protection local Web configuration manager on 127.0.0.1 and port
> 2372.
>
>   
Justin Seitz of VDA Labs (www.vdalabs.com) already found this bug.
Here's the CVE: CVE-2007-1783.

 They had so many bugs, they're rolling this issue and more into the
next release.

We have a working PoC, and believe it could be transformed into remote
via embedded link.  For example:
<SCRIPT SRC="http://127.0.0.1:2372/<buffer here>
<http://127.0.0.1:2372/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>"></SCRIPT>

Blessings,
Jared

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/