Secunia Security Advisory - H.D. Moore has reported a vulnerability in RSA Authentication Agent for Web for Internet Information Services, which can be exploited by malicious people to cause a DoS or potentially to compromise a vulnerable system.
1927aac572ac967167a54f27793793e77a6a5ec4800e8c32910efe243e4955ad
TITLE:
RSA Authentication Agent for Web "Redirect" Buffer Overflow
SECUNIA ADVISORY ID:
SA17281
VERIFY ADVISORY:
http://secunia.com/advisories/17281/
CRITICAL:
Highly critical
IMPACT:
System access, DoS
WHERE:
>From remote
SOFTWARE:
RSA Authentication Agent for Web for IIS 5.x
http://secunia.com/product/4919/
DESCRIPTION:
H.D. Moore has reported a vulnerability in RSA Authentication Agent
for Web for Internet Information Services, which can be exploited by
malicious people to cause a DoS or potentially to compromise a
vulnerable system.
The vulnerability is caused due to a boundary error in
IISWebAgentIF.dll. This can be exploited to cause a stack-based
buffer overflow via a GET request with an overly long "url" parameter
in the "Redirect" method.
The vulnerability has been reported in version 5.2 and 5.3. Other
versions may also be affected.
NOTE: An exploit for this vulnerability is publicly available.
SOLUTION:
The vendor reportedly has a patch available.
PROVIDED AND/OR DISCOVERED BY:
H.D. Moore
ORIGINAL ADVISORY:
Metasploit Project:
http://www.metasploit.com/projects/Framework/exploits.html#rsa_iiswebagent_redirect
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------