Blue Coat K9 Web Protection Centralized Server HTTP Responses Buffer Overflow Vulnerability
BID:30464
| Bugtraq ID: | 30464 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-2952 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 31 2008 12:00AM |
| Updated: | Jul 31 2008 09:37PM |
| Credit: | Carsten Eiram, Secunia Research |
| Vulnerable: | Blue Coat Systems K9 Web Protection 3.2.44 |
| Not Vulnerable: | |
Discussion
Blue Coat K9 Web Protection is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks when receiving HTTP responses from the centralized server 'sp.cwfservice.net'.
Attackers can exploit this issue via man-in-the-middle attacks to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-service condition.
Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.3 is affected; other versions may also be affected.
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- K9 Web Protection Product Page (Blue Coat Systems)
- Secunia Research: Blue Coat K9 Web Protection Response Handling Buffer Overflows (Secunia Research)
- Blue Coat K9 Web Protection Response Handling Buffer Overflows (Secunia Research)