Netegrity SiteMinder Affiliate Agent Heap Overflow Vulnerability
BID:10198
Info
Netegrity SiteMinder Affiliate Agent Heap Overflow Vulnerability
| Bugtraq ID: | 10198 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-0425 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 23 2004 12:00AM |
| Updated: | Jul 12 2009 04:06AM |
| Credit: | Discovered by Jeremy Jethro <[email protected]>. |
| Vulnerable: |
Netegrity SideMinder Affiliate Agent 4.0 |
| Not Vulnerable: | |
Discussion
Netegrity SiteMinder Affiliate Agent Heap Overflow Vulnerability
@Stake has identified a remotely exploitable vulnerability in SiteMinder Affiliate Agent that is due to memory mismanagement. When a legitimate user connects to a server implementing SiteMinder Agent, the cookie value "SMPROFILE" is transmitted. The vulnerability is triggered when a value of excessive length for the cookie is sent to the server. The vulnerability can be exploited to execute arbitrary instructions
@Stake has identified a remotely exploitable vulnerability in SiteMinder Affiliate Agent that is due to memory mismanagement. When a legitimate user connects to a server implementing SiteMinder Agent, the cookie value "SMPROFILE" is transmitted. The vulnerability is triggered when a value of excessive length for the cookie is sent to the server. The vulnerability can be exploited to execute arbitrary instructions
Exploit / POC
Netegrity SiteMinder Affiliate Agent Heap Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Netegrity SiteMinder Affiliate Agent Heap Overflow Vulnerability
Solution:
Netegrity has made a fixed version of Affiliate Agent available. The following upgrade, hosted for customers at https://support.netegrity.com, is available:
Web Agent 4QMR6 HF-016
Solution:
Netegrity has made a fixed version of Affiliate Agent available. The following upgrade, hosted for customers at https://support.netegrity.com, is available:
Web Agent 4QMR6 HF-016
References
Netegrity SiteMinder Affiliate Agent Heap Overflow Vulnerability
References:
References:
- Netegrity Support Page (Netegrity)
- SiteMinder Product Page (Netegrity)