ValiCert Enterprise Validation Authority forms.exe Certificate_File Overflow

2001-12-04T00:00:00
ID OSVDB:13214
Type osvdb
Reporter Phuzzy L0gic(phyz@nmrc.org), Cyberiad(cyberiad@nmrc.org)
Modified 2001-12-04T00:00:00

Description

Vulnerability Description

A remote overflow exists in Enterprise Validation Authority. The forms.exe program fails to validate the Certificate_File variable resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Upgrade to version 4.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in Enterprise Validation Authority. The forms.exe program fails to validate the Certificate_File variable resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Manual Testing Notes

http://[victim]:13333/cgi-bin/forms.exe?CertServerSelection =Microsoft&Certificate_Type=SHARE&Certificate_Files ={A x 1028}&command=Submit+Certificate+Type

References:

Security Tracker: 1002897 Related OSVDB ID: 13212 Related OSVDB ID: 13216 Related OSVDB ID: 13217 Related OSVDB ID: 13209 Related OSVDB ID: 13220 Related OSVDB ID: 13221 Related OSVDB ID: 13215 Related OSVDB ID: 13218 Related OSVDB ID: 13219 Related OSVDB ID: 13210 Related OSVDB ID: 13211 Related OSVDB ID: 13213 Related OSVDB ID: 13222 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2 ISS X-Force ID: 7652 CVE-2001-0949 Bugtraq ID: 3627