Full Disclosure mailing list archives

CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow
From: "Dennis Rand" <rand () csis dk>
Date: Fri, 8 Jun 2007 08:59:50 +0200

CSIS Security Group has discovered a remote exploitable arbitrary overwrite, in the Blue Coat K9 Web Protection local Web configuration manager on and port

This allows an attacker to perform at least a Denial of Service condition, on the usage of internet.

Since the overflow can result in an overwrite of both the return address and SEH, remote code execution is possible.

Another attack vector could also be privilege escalation on the local

The Full advisory can be downloaded at: 

Best regards
Dennis Rand
Malware/Security Researcher
CSIS Security Group

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
