RSA Security RSA Authentication Agent For Web Remote Heap Buffer Overflow Vulnerability
BID:13524
Info
RSA Security RSA Authentication Agent For Web Remote Heap Buffer Overflow Vulnerability
| Bugtraq ID: | 13524 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2005-1471 |
| Remote: | Yes |
| Local: | No |
| Published: | May 06 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | "Gary O'leary-Steele" <[email protected]> disclosed this vulnerability. |
| Vulnerable: |
Rsa RSA Authentication Agent for Web 5.3 Rsa RSA Authentication Agent for Web 5.2 Rsa RSA Authentication Agent for Web 5.0 |
| Not Vulnerable: | |
Discussion
RSA Security RSA Authentication Agent For Web Remote Heap Buffer Overflow Vulnerability
A remote heap-based buffer overflow vulnerability exists in RSA Authentication Agent for Web. This issue is due to a failure of the application to properly bounds check user-supplied input data prior to copying it into a fixed-sized heap buffer memory region.
This vulnerability allows remote attackers to execute arbitrary machine code in the context of the vulnerable server application. This reportedly occurs with 'LocalSystem' privileges, allowing the attacker to gain complete control of the targeted computer.
Versions 5.0, 5.2, and 5.3 of RSA Authentication Agent for Web are vulnerable to this issue.
A remote heap-based buffer overflow vulnerability exists in RSA Authentication Agent for Web. This issue is due to a failure of the application to properly bounds check user-supplied input data prior to copying it into a fixed-sized heap buffer memory region.
This vulnerability allows remote attackers to execute arbitrary machine code in the context of the vulnerable server application. This reportedly occurs with 'LocalSystem' privileges, allowing the attacker to gain complete control of the targeted computer.
Versions 5.0, 5.2, and 5.3 of RSA Authentication Agent for Web are vulnerable to this issue.
Exploit / POC
RSA Security RSA Authentication Agent For Web Remote Heap Buffer Overflow Vulnerability
The discoverer has reportedly developed an exploit. This exploit is not publicly available or known to be circulating in the wild.
An exploit (rsa_iiswebagent_redirect.pm) as part of the Metasploit Framework has been released.
The discoverer has reportedly developed an exploit. This exploit is not publicly available or known to be circulating in the wild.
An exploit (rsa_iiswebagent_redirect.pm) as part of the Metasploit Framework has been released.
Solution / Fix
RSA Security RSA Authentication Agent For Web Remote Heap Buffer Overflow Vulnerability
Solution:
The reporter of this issue states that the vendor has made fixes available for this vulnerability. This has not been confirmed by Symantec. Users of affected packages are urged to contact the vendor for further information.
Users with valid support contracts with the vendor may be able to locate fixes at:
https://knowledge.rsasecurity.com
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
The reporter of this issue states that the vendor has made fixes available for this vulnerability. This has not been confirmed by Symantec. Users of affected packages are urged to contact the vendor for further information.
Users with valid support contracts with the vendor may be able to locate fixes at:
https://knowledge.rsasecurity.com
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
RSA Security RSA Authentication Agent For Web Remote Heap Buffer Overflow Vulnerability
References:
References:
- RSA Homepage (RSA Security)
- SecurID Product Homepage (RSA Security)
- [SEC-1 LTD] RSA SecurID Web Agent Heap Overflow ("Gary O'leary-Steele"
)