Blue Coat K9 Web Protection 'Referer' Header Stack Based Buffer Overflow Vulnerability
BID:30463
Info
| Bugtraq ID: | 30463 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-2952 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 31 2008 12:00AM |
| Updated: | Sep 15 2008 11:40PM |
| Credit: | Carsten Eiram, Secunia Research |
| Vulnerable: | Blue Coat Systems K9 Web Protection 3.2.44 |
| Not Vulnerable: | |
Discussion
Blue Coat K9 Web Protection is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.3 is affected; other versions may also be affected.
Exploit / POC
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- K9 Web Protection Product Page (Blue Coat Systems)
- Secunia Research: Blue Coat K9 Web Protection "Referer" Header Buffer Overflow (Secunia Research)
- Blue Coat K9 Web Protection "Referer" Header Buffer Overflow (Secunia Research)