Juniper Networks SSL-VPN IVE JuniperSetupDLL.dll ActiveX Overflow

2006-04-25T00:00:00
ID OSVDB:25001
Type osvdb
Reporter Yuji Ukai(alert@eEye.com)
Modified 2006-04-25T00:00:00

Description

Vulnerability Description

A remote overflow exists in Juniper Networks' SSL-VPN IVE OS. The product fails to in the handling of the ProductName parameter of the JuniperSetupDLL.dll library resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Technical Description

The JuniperSetupDLL.dll library is called from the JuniperSetup.ocx ActiveX control, which is automatically loaded through the web interface of Juniper Networks SSL-VPN.

Solution Description

Upgrade to version the version specified by the vendor, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in Juniper Networks' SSL-VPN IVE OS. The product fails to in the handling of the ProductName parameter of the JuniperSetupDLL.dll library resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor Specific Advisory URL Security Tracker: 1016000 Secunia Advisory ID:19842 Other Advisory URL: http://www.eeye.com/html/research/advisories/AD20060424.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0743.html Keyword: EEYEB-20060227,PSN-2006-03-013 ISS X-Force ID: 26077 FrSIRT Advisory: ADV-2006-1543 CVE-2006-2086 Bugtraq ID: 17712