Network Associates Net Tools PKI Server 1.0 Buffer Overflow Vulnerability

Bugtraq ID:	1363
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Jun 19 2000 12:00AM
Updated:	Jun 19 2000 12:00AM
Credit:	Posted to Bugtraq on June 19, 2000 by Jim Stickley <[email protected]>.
Vulnerable:	Network Associates Net Tools PKI Server 1.0 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0
Not Vulnerable:

Network Associates Net Tools PKI Server 1.0 Buffer Overflow Vulnerability

Under special circumstances, Network Associates Net Tools PKI Server (which is a component of PGP VPN Suite) will crash if unusually long strings are included in an HTTP request. Restarting the application is required in order to regain normal functionality.

Network Associates Net Tools PKI Server 1.0 Buffer Overflow Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Network Associates Net Tools PKI Server 1.0 Buffer Overflow Vulnerability

Solution:
Network Associates has released the following hotfix which eliminates this vulnerability:


Network Associates Net Tools PKI Server 1.0

• Network Associates PKISERVER100-SP1-103-1
  ftp://ftp.tis.com/gauntlet/hide/pki/PKISERVER100-SP1-103-1.EXE

Network Associates Net Tools PKI Server 1.0 Buffer Overflow Vulnerability

References:

• Net Tools PKI Product Homepage (Network Associates Inc.)
  
• Release Notes for Net Tools PKI Server Version 1.0 for Windows NT HotFix 1 (Network Associates Inc.)