Trend Micro ServerProtect isaNVWRequest.dll POST Request Remote Overflow

2005-12-14T04:03:17
ID OSVDB:21771
Type osvdb
Reporter OSVDB
Modified 2005-12-14T04:03:17

Description

Vulnerability Description

A remote overflow exists in ServerProtect. ServerProtect's /ControlManager/cgi-bin/VA/isaNVWRequest.dll fails to properly handle POST requests that use chunked encoding with an overly large length value, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity.
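
A defender-side check for the condition described above, added here as an example and not taken from OSVDB or Trend Micro: it walks the chunk-size lines of a raw POST to the affected path and flags declared lengths that exceed a limit or the bytes actually present. `inspect_request`, `MAX_CHUNK` and the sample requests are assumptions constructed for illustration.

```python
import re

# Path from the advisory, lower-cased for case-insensitive matching.
TARGET = "/controlmanager/cgi-bin/va/isanvwrequest.dll"
MAX_CHUNK = 0x100000  # assumed policy ceiling (1 MiB), not from the advisory
HEX = re.compile(rb"[0-9A-Fa-f]+")

def inspect_request(raw: bytes) -> list:
    """Return findings for one raw HTTP request; an empty list means clean."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) < 2:
        return ["malformed request line"]
    path = parts[1].split("?", 1)[0].lower()
    if parts[0].upper() != "POST" or path != TARGET:
        return []  # out of scope for this check
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip().lower()
    if "chunked" not in headers.get("transfer-encoding", ""):
        return []
    pos = 0
    while True:
        end = body.find(b"\r\n", pos)
        if end < 0:
            return ["truncated chunk header"]
        field = body[pos:end].split(b";", 1)[0].strip()  # drop chunk extensions
        if not HEX.fullmatch(field):
            return ["non-hex chunk length"]
        size = int(field, 16)
        if size == 0:
            return []  # terminating chunk reached without findings
        if size > MAX_CHUNK:
            return ["chunk length 0x%x exceeds limit" % size]
        if end + 2 + size > len(body):
            return ["chunk length 0x%x exceeds bytes present" % size]
        pos = end + 2 + size + 2  # skip chunk data and its trailing CRLF

# Constructed sample requests (not captured traffic).
_HDR = (b"POST /ControlManager/cgi-bin/VA/isaNVWRequest.dll HTTP/1.1\r\n"
        b"Host: example.test\r\nTransfer-Encoding: chunked\r\n\r\n")
BENIGN = _HDR + b"5\r\nhello\r\n0\r\n\r\n"
OVERSIZED = _HDR + b"FFFFFFFF\r\ndata\r\n0\r\n\r\n"
```

The path comparison is a plain case-insensitive match on the unescaped request line, so a deployment would normalize percent-encoding before calling it.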

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workarounds: using the Microsoft URLScan Tool or changing the build environments to Visual C++ 6.0 with Service Pack 6.


References:

Vendor Specific Advisory URL

Security Tracker: 1015358

Secunia Advisory ID: 18038

Related OSVDB ID: 21770

Related OSVDB ID: 21772

Related OSVDB ID: 21773

Other Advisory URL: http://www.idefense.com/application/poi/display?id=353&type=vulnerabilities

Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0569.html

FrSIRT Advisory: ADV-2005-2907

CVE-2005-1929

Bugtraq ID: 15865