----------------------------------------------------------------------

TITLE:
Blue Coat K9 Web Protection Multiple Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID:
SA25813

VERIFY ADVISORY:
http://secunia.com/advisories/25813/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Blue Coat K9 Web Protection 3.x
http://secunia.com/product/14460/

DESCRIPTION:
Secunia Research has discovered some vulnerabilities in K9 Web
Protection, which can be exploited by malicious people to compromise
a user's system.

1) A boundary error in the filter service (k9filter.exe) when
handling "Referer:" headers during access to the web-based K9 Web
Protection Administration interface can be exploited to cause a
stack-based buffer overflow via an overly long "Referer:" header.

Successful exploitation allows execution of arbitrary code, e.g. when
a user visits a malicious web site.

2) Two boundary errors in the filter service (k9filter.exe) when
handling HTTP version information in responses from a centralised
server (sp.cwfservice.net) can be exploited to cause stack-based
buffer overflows via a specially crafted response containing overly
long HTTP version information.

Successful exploitation allows execution of arbitrary code, but
requires that the request is intercepted via e.g. DNS poisoning or
Man-in-the-Middle attacks.

The vulnerabilities are confirmed in version 3.2.44 with Filter
version 3.2.32. Other versions may also be affected.
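Both issues above belong to the same defect class: a fixed-size stack buffer that receives data of attacker-controlled length without the length being checked first. The C below is an added illustration of the hardened form of that pattern; it is not code from K9 Web Protection (whose source is not on the page) or from Secunia. It contains a header-value extractor that refuses a value longer than the caller's buffer instead of copying it, and a status-line parser that validates the HTTP version token in place as the fixed 8-byte "HTTP/d.d" form before anything is copied. The 256-byte limit, the hostname and the sample request with a 600-byte Referer are constructed for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Limits chosen for this example (constructed; not values from K9). */
#define MAX_HEADER_VALUE 256          /* capacity of the stack buffer below */
#define HTTP_VERSION_LEN 8            /* strlen("HTTP/1.1") */

/* Case-insensitive test that a header line starts with "<name>:". */
static int name_matches(const char *line, size_t linelen,
                        const char *name, size_t namelen)
{
    if (linelen < namelen + 1 || line[namelen] != ':')
        return 0;
    for (size_t i = 0; i < namelen; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/* Copy the value of header 'name' out of a CRLF-separated header block.
   The value length is checked against the caller's capacity BEFORE the
   copy; an oversized value is rejected, never silently truncated or
   written past the buffer. Returns 1 (copied), 0 (absent), -1 (too long). */
int get_header_value(const char *headers, const char *name,
                     char *out, size_t outcap)
{
    size_t namelen = strlen(name);
    const char *p = headers;

    while (*p) {
        const char *eol = strstr(p, "\r\n");
        size_t linelen = eol ? (size_t)(eol - p) : strlen(p);

        if (name_matches(p, linelen, name, namelen)) {
            const char *v = p + namelen + 1;
            const char *end = p + linelen;
            while (v < end && (*v == ' ' || *v == '\t'))
                v++;                      /* skip optional whitespace */
            size_t vlen = (size_t)(end - v);
            if (vlen >= outcap)           /* leave room for the terminator */
                return -1;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 1;
        }
        if (!eol)
            break;
        p = eol + 2;
    }
    return 0;
}

/* The shape of issue 1: a fixed-size stack buffer for the Referer value.
   The bound is enforced inside get_header_value, so an overlong header
   yields -1 instead of overwriting the stack. */
int referer_status(const char *request)
{
    char referer[MAX_HEADER_VALUE];
    return get_header_value(request, "Referer", referer, sizeof referer);
}

/* The shape of issue 2: the HTTP version token of a response status line
   ("HTTP/1.1 200 OK"). The token is validated in place as exactly
   "HTTP/" digit "." digit followed by a space (the RFC 7230 form), so its
   length is fixed at HTTP_VERSION_LEN before any copy could happen.
   Returns major*10+minor on success, -1 if malformed or overlong. */
int version_ok(const char *status_line)
{
    if (strncmp(status_line, "HTTP/", 5) != 0)
        return -1;
    if (!isdigit((unsigned char)status_line[5]) || status_line[6] != '.' ||
        !isdigit((unsigned char)status_line[7]))
        return -1;
    if (status_line[HTTP_VERSION_LEN] != ' ')   /* longer token: reject */
        return -1;
    return (status_line[5] - '0') * 10 + (status_line[7] - '0');
}

/* Constructed request whose Referer value is 600 'A's: longer than
   MAX_HEADER_VALUE, but well inside the static buffer that holds it. */
const char *constructed_long_referer_request(void)
{
    static char req[1024];
    if (req[0] == '\0') {
        strcpy(req, "GET /admin HTTP/1.1\r\nHost: example.test\r\nReferer: ");
        size_t n = strlen(req);
        memset(req + n, 'A', 600);
        strcpy(req + n + 600, "\r\n\r\n");
    }
    return req;
}

int main(void)
{
    const char *ok = "GET /admin HTTP/1.1\r\nHost: example.test\r\n"
                     "Referer: http://example.test/\r\n\r\n";
    printf("normal Referer   -> %d\n", referer_status(ok));
    printf("600-byte Referer -> %d\n",
           referer_status(constructed_long_referer_request()));
    printf("HTTP/1.1 200 OK  -> %d\n", version_ok("HTTP/1.1 200 OK"));
    printf("overlong version -> %d\n", version_ok("HTTP/1.11111 200 OK"));
    return 0;
}
```

The design point in both functions is the same: the amount of data to be copied is derived and compared with the destination's capacity before any byte is written, and a mismatch is a hard rejection. Restricting the version token to the RFC 7230 single-digit form is a deliberate choice here; a parser that must accept older multi-digit versions would still need an explicit maximum length for the token.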

SOLUTION:
Use another product.

The vendor is reportedly working on a fix, which may be available
shortly.

PROVIDED AND/OR DISCOVERED BY:
Carsten Eiram, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2007-61/
http://secunia.com/secunia_research/2007-64/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
to use those supplied by the vendor.

----------------------------------------------------------------------