[Full-disclosure] CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow

Jared DeMott demottja at msu.edu
Fri Jun 8 18:04:06 BST 2007


Dennis Rand wrote:
> CSIS Security Group has discovered a remotely exploitable arbitrary
> overwrite in the Blue Coat
> K9 Web Protection local Web configuration manager on 127.0.0.1 and port
> 2372.
>
Justin Seitz of VDA Labs (www.vdalabs.com) already found this bug.
Here's the CVE: CVE-2007-1783.

They had so many bugs, they're rolling this issue and more into the
next release.

We have a working PoC, and believe it could be transformed into remote
via embedded link.  For example:
<SCRIPT SRC="http://127.0.0.1:2372/<buffer here>"></SCRIPT>

Blessings,
Jared
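
A defensive check for the embedded-link vector described above, as an added example that is not part of the original post: it scans HTML for tags whose URL attributes point at a loopback address and flags unusually long paths. The attribute list, the 256-character threshold and the sample markup are assumptions made for illustration.

```python
import ipaddress
import socket
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"src", "href", "action", "data", "background", "poster"}
MAX_PATH = 256  # assumed review threshold, not a value from the advisory

def is_loopback(host):
    host = (host or "").rstrip(".").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        pass
    try:  # short/decimal IPv4 spellings such as "127.1" that browsers accept
        return ipaddress.IPv4Address(socket.inet_aton(host)).is_loopback
    except (OSError, ValueError):
        return False

class LoopbackRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:  # tag and attribute names arrive lowercased
            if name not in URL_ATTRS or not value:
                continue
            try:
                url = urlsplit(value.strip())
                host, port = url.hostname, url.port
            except ValueError:  # malformed port or bracketed host
                continue
            if url.scheme in ("", "http", "https") and is_loopback(host):
                n = len(url.path)
                self.findings.append((tag, name, host, port, n, n > MAX_PATH))

def scan_html(markup):
    finder = LoopbackRefFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings

# Constructed sample page; the long path is filler, not a working payload.
SAMPLE = ('<img src="https://example.com/logo.png">'
          '<SCRIPT SRC="http://127.0.0.1:2372/' + "A" * 300 + '"></SCRIPT>'
          '<a href="http://localhost/">status</a>')
```

Each finding is a tuple of (tag, attribute, host, port, path length, over-threshold flag), so a mail or proxy filter can log every loopback reference and alert only on the over-long ones.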