NAI Net Tools PKI Server XUDAD.EXE Execute Arbitrary Code

2000-08-02T00:00:00
ID OSVDB:1490
Type osvdb
Reporter Iván Arce(iarce@core-sdi.com)
Modified 2000-08-02T00:00:00

Description

Vulnerability Description

Net Tools PKI Server contains a flaw that allows a remote attacker to execute arbitrary code on a vulnerable server. The issue is due to the Strong.exe and XUDAD.EXE not properly sanitizing user input during processing, allowing an attacker to craft a request that will overwrite arbitrary portions of memory allowing a denial of service or code execution.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Network Associates has released a patch to address this vulnerability.

Short Description

Net Tools PKI Server contains a flaw that allows a remote attacker to execute arbitrary code on a vulnerable server. The issue is due to the Strong.exe and XUDAD.EXE not properly sanitizing user input during processing, allowing an attacker to craft a request that will overwrite arbitrary portions of memory allowing a denial of service or code execution.

Manual Testing Notes

https://[victim]:444/xxx%3c%b9%ff%01%25%25x%25%25x%25%25x%25%25x%25%25x%25\%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25\%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25\%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25%25x%25\%25x%25%25x%25x%25n.xuda

References:

Vendor Specific Advisory URL Related OSVDB ID: 1488 Related OSVDB ID: 1489 Related OSVDB ID: 4061 Other Advisory URL: http://www1.corest.com/common/showdoc.php?idx=129&idxseccion=10 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html CVE-2000-0741 Bugtraq ID: 1538