Bugtraq mailing list archives

Net Tools PKI server exploits

From: jim () GARRISON COM (Jim Stickley)
Date: Mon, 19 Jun 2000 08:19:59 -0700


ISSUE #1 There is a vulnerability in an OEM version of software incorporated
within the Net Tools PKI Server product. An attacker can, under rare
circumstances, gain unauthorized access to the computer hosting the
Enrollment and/or Administrative Web servers of the Net Tools PKI. The
vulnerability revolves around an issue with the XUDA template files included
with the product, where these files do not reference absolute pathnames to
other files. To determine whether anyone has attempted to exploit this
vulnerability, check the enroll-access.log and the admin-access.log files in
the WebServer/logs directory of your Net Tools PKI Server installation.
Search for any log entries which include "x-templates" in the URL. Each
entry can then be examined to see the IP address of the computer and what
files were accessed.
ISSUE #2 I have discovered a potential buffer overflow / denial of service
vulnerability in an OEM version of software incorporated within the Net
Tools PKI Server product. Under certain circumstances, sending HTTP requests
with abnormally long values can cause the Net Tools PKI Directory Server to
crash.
NAI has produced a hotfix to solve these issues and it can be downloaded at:
ftp://ftp.tis.com/gauntlet/hide/pki/PKISERVER100-SP1-103-1.EXE
There is also a README at:  ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
        -Jim

Jim Stickley
Garrison Technologies
http://www.garrison.com
619-543-8181 X33

Current thread:

Re: local root on linux 2.2.15, (continued)
- - Re: local root on linux 2.2.15 Philip Guenther (Jun 08)
    - Re: local root on linux 2.2.15 Wojciech Purczynski (Jun 12)
    - Re: local root on linux 2.2.15 Jeff Dafoe (Jun 14)
    - Re: local root on linux 2.2.15 Wojciech Purczynski (Jun 14)
    - MS-040 'proof of concept' code Renaud Deraison (Jun 13)
- Re: local root on linux 2.2.15 Rogier Wolff (Jun 08)
- Re: local root on linux 2.2.15 Tollef Fog Heen (Jun 11)
  - Re: local root on linux 2.2.15 Peter da Silva (Jun 15)
    - Re: local root on linux 2.2.15 Firstname Lastname (Jun 15)
    - Re: local root on linux 2.2.15 Robert Watson (Jun 18)
    - Net Tools PKI server exploits Jim Stickley (Jun 19)
    - XFree86: libICE DoS Chris Evans (Jun 19)
    - XFree86: Various nasty libX11 holes Chris Evans (Jun 19)
    - XFree86: xdm flaw; present in kdm Chris Evans (Jun 19)
    - XFree86: xdm xdmcp code in wdm also Brian Russo (Jun 20)
    - Re: XFree86: xdm xdmcp code in wdm also Jerome ALET (Jun 20)
    - Problems with "kon2" package Chris Evans (Jun 19)
    - [TL-Security-Announce] Linux Kernel TLSA2000013-1 Roger Luethi (Jun 19)
    - Re: [TL-Security-Announce] Linux Kernel TLSA2000013-1 Gregory Neil Shapiro (Jun 28)
    - CERT Advisory CA-2000-12 Roman Drahtmueller (Jun 19)
    - Re: local root on linux 2.2.15 Joseph Gooch (Jun 15)

(Thread continues...)