Bugtraq mailing list archives
Net Tools PKI server exploits
From: jim () GARRISON COM (Jim Stickley)
Date: Mon, 19 Jun 2000 08:19:59 -0700
ISSUE #1

There is a vulnerability in an OEM version of software incorporated within the Net Tools PKI Server product. An attacker can, under rare circumstances, gain unauthorized access to the computer hosting the Enrollment and/or Administrative Web servers of the Net Tools PKI. The vulnerability revolves around an issue with the XUDA template files included with the product, where these files do not reference absolute pathnames to other files.

To determine whether anyone has attempted to exploit this vulnerability, check the enroll-access.log and the admin-access.log files in the WebServer/logs directory of your Net Tools PKI Server installation. Search for any log entries which include "x-templates" in the URL. Each entry can then be examined to see the IP address of the computer and what files were accessed.

ISSUE #2

I have discovered a potential buffer overflow / denial of service vulnerability in an OEM version of software incorporated within the Net Tools PKI Server product. Under certain circumstances, sending HTTP requests with abnormally long values can cause the Net Tools PKI Directory Server to crash.

NAI has produced a hotfix to solve these issues and it can be downloaded at:
ftp://ftp.tis.com/gauntlet/hide/pki/PKISERVER100-SP1-103-1.EXE

There is also a README at:
ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt

-Jim

Jim Stickley
Garrison Technologies
http://www.garrison.com
619-543-8181 X33
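The log check described under ISSUE #1, as an added example that is not part of the original post or the vendor's tooling: it groups requests whose URL contains "x-templates" by client IP and also catches percent-encoded spellings of the marker. It assumes the access logs use Common Log Format, which the post does not state; the sample entries, addresses and paths are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: Common Log Format -> host ident user [time] "METHOD url PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
MARKER = "x-templates"

def decode(text, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (x%2Dtemplates, x%252Dtemplates)."""
    for _ in range(rounds):
        nxt = unquote(text)
        if nxt == text:
            break
        text = nxt
    return text

def find_hits(lines):
    """Return {client_ip: [(timestamp, decoded_url, status), ...]} for marker requests."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if not m:
            # Unparseable line: fall back to a raw substring check so it is not skipped.
            if MARKER in decode(line).lower():
                hits["<unparsed>"].append(("", line.strip(), ""))
            continue
        ip, ts, _method, url, status = m.groups()
        url = decode(url)
        if MARKER in url.lower():
            hits[ip].append((ts, url, status))
    return dict(hits)

# Constructed sample entries (documentation IP ranges, placeholder file names).
SAMPLE = [
    '192.0.2.10 - - [19/Jun/2000:08:01:02 -0700] "GET /x-templates/placeholder-file HTTP/1.0" 200 512',
    '198.51.100.7 - - [19/Jun/2000:08:01:05 -0700] "GET /index.html HTTP/1.0" 200 1024',
    '192.0.2.10 - - [19/Jun/2000:08:01:09 -0700] "GET /X%2Dtemplates/placeholder-file HTTP/1.0" 404 0',
    '203.0.113.5 - - [19/Jun/2000:08:02:11 -0700] "GET /x%252Dtemplates/ HTTP/1.0" 404 0',
    'truncated entry x-templates/placeholder-file',
]

if __name__ == "__main__":
    for ip, entries in find_hits(SAMPLE).items():
        print(ip, len(entries), "request(s)")
        for ts, url, status in entries:
            print("   ", ts, status, url)
```

To scan a real installation, pass the open enroll-access.log and admin-access.log file objects to `find_hits` in place of `SAMPLE`.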