Bugtraq mailing list archives
Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
From: robert.flannigan () PLATINUM COM (robert.flannigan () PLATINUM COM)
Date: Mon, 7 Dec 1998 10:19:11 -0700
--0__=W0HoYqOc9Gb7fEUdwyjpJ1JEwqFAWR1rS3PxmHBGl9I45gaE5gE2r9ku
Content-type: text/plain; charset=windows-1257
Content-Disposition: inline
Content-transfer-encoding: quoted-printable
Greetings Bugtraq. The issue mentioned in the attached posting has bee=
n
fixed. The patched binary of Smaxagent.exe mentioned in the post is no=
w part
of the AutoSecure Policy Compliance Manager v7.1, slated for release Fe=
bruary
99. Existing customers using Policy Compliance Manager v7.0 under Wind=
ows NT
can obtain the hotfix patch immediately by contacting our Technical Cus=
tomer
Support at (800) 833-PLAT.
Any future questions/ issues can be reported to the technical support n=
umber
listed above. This allows them to be quickly escalated to the engineer=
s for a
prompt response using our Product Assistance Request (PAR) system. The=
specific issue dealt with in this posting was addressed and fixed immed=
iately
after receiving an email bug report on September 9th. We regret any br=
eakdown
in communications that might have resulted in a post to Bugtraq.
PLATINUM technology is committed to providing the most robust Enterpris=
e
Security solutions available. We thank the members of Bugtraq for thei=
r
vigilance in holding all software to the highest standards. For more
technical information or other questions on PLATINUM=92s AutoSecure sui=
te of
tools, please contact me directly.
Regards,
Robert Flannigan
Product Specialist
robert.flannigan () platinum com
800.526.9096
Please respond to Bugtraq List <BUGTRAQ () NETSPACE ORG>
To: BUGTRAQ () NETSPACE ORG
cc:
Subject: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
=
--0__=W0HoYqOc9Gb7fEUdwyjpJ1JEwqFAWR1rS3PxmHBGl9I45gaE5gE2r9ku
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
__________________________________________________________
S.A.F.E.R. Security Bulletin 981204.DOS.1.3
__________________________________________________________
TITLE: Buffer Overflow in Platinum PCM 7.0
DATE: December 04, 1998
NATURE: Denial-of-Service, Remote Code Execution
PLATFORMS: Windows NT 4.0
DETAILS:
Policy Compliance Manager is a product that performs checks on the system,
in order to ensure that security policies are enforced. It acts very much
as a security scanner, but with a limited number of security checks.
PCM Agent can be installed on different machines. Then, users can establish
connection and initiate checks using the PCM Client.
PROBLEM:
If certain amount of data is sent to port where Smaxagent.exe (Agent) is
listening [1827], Smaxagent will crash. Restart of the service is needed.
Remote users can also execute arbitrary code.
FIXES:
Platinum has been informed about this issue (and confirmed the problem) on
September 9th 1998.
--0__=W0HoYqOc9Gb7fEUdwyjpJ1JEwqFAWR1rS3PxmHBGl9I45gaE5gE2r9ku--
Current thread:
- [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 Security Research Team (Dec 03)
- Breaking into houses to steal the security systems... Was: Dr. Mudge (Dec 03)
- <Possible follow-ups>
- Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 robert.flannigan () PLATINUM COM (Dec 07)
- Call For Papers Marco de Vivo [UCV] (Dec 07)
- Lousy password handling in BreezeCOM Mr. SteelFire (Dec 10)
- Re: Lousy password handling in BreezeCOM Thilo Hille (Dec 10)
- NSA paper on computer security Kragen (Dec 11)
- about the ip header id Salvatore Sanfilippo (Dec 14)
- Learning security Kevin M. Myer (Dec 14)
- Administrivia Aleph One (Dec 10)
- RealSystem passwords Guy Cohen (Dec 10)
- Titan 3.0 Released Aleph One (Dec 10)
- Vulnerability in IRIX fcagent daemon SGI Security Coordinator (Dec 10)
(Thread continues...)