CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow

2007-06-11T00:00:00
ID SECURITYVULNS:DOC:17230
Type securityvulns
Reporter Securityvulns
Modified 2007-06-11T00:00:00

Description

CSIS Security Group has discovered a remote exploitable arbitrary overwrite, in the Blue Coat K9 Web Protection local Web configuration manager on 127.0.0.1 and port 2372.

This allows an attacker to perform at least a Denial of Service condition, on the usage of internet.

Since the overflow can result in an overwrite of both the return address and SHE, remote code execution is possible.

Another attack vector could also be privilege escalation on the local machine.

The Full advisory can be downloaded at: http://www.csis.dk/dk/forside/Bluecoat-k9.pdf

Best regards Dennis Rand Malware/Security Researcher CSIS Security Group http://www.csis.dk