TITLE:
RSA Authentication Agent for Web "Redirect" Buffer Overflow

SECUNIA ADVISORY ID:
SA17281

VERIFY ADVISORY:
http://secunia.com/advisories/17281/

CRITICAL:
Highly critical

IMPACT:
System access, DoS

WHERE:
From remote

SOFTWARE:
RSA Authentication Agent for Web for IIS 5.x
http://secunia.com/product/4919/

DESCRIPTION:
H.D. Moore has reported a vulnerability in RSA Authentication Agent for Web for Internet Information Services, which can be exploited by malicious people to cause a DoS or potentially to compromise a vulnerable system.

The vulnerability is caused by a boundary error in IISWebAgentIF.dll. This can be exploited to cause a stack-based buffer overflow via a GET request with an overly long "url" parameter in the "Redirect" method.

The vulnerability has been reported in versions 5.2 and 5.3. Other versions may also be affected.

NOTE: An exploit for this vulnerability is publicly available.

SOLUTION:
The vendor reportedly has a patch available.

PROVIDED AND/OR DISCOVERED BY:
H.D. Moore

ORIGINAL ADVISORY:
Metasploit Project:
http://www.metasploit.com/projects/Framework/exploits.html#rsa_iiswebagent_redirect

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
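The advisory names the overflow trigger (a GET request whose "Redirect" call to IISWebAgentIF.dll carries an overly long "url" parameter) but gives no detection guidance. The script below is an added example, not part of the Secunia advisory or the vendor's software: it scans IIS W3C log lines for Redirect calls to the agent DLL and flags those whose decoded "url" parameter exceeds a length threshold, so an administrator can spot attempts (and crashes, via a 500 status) while waiting to apply the vendor patch. The log field order, the /WebID/ path in the sample lines, the "Redirect?url=" query shape and the 512-byte threshold are all assumptions; the sample log lines are constructed, not real traffic.

```python
"""Flag IIS requests whose RSA Web Agent "Redirect" call carries an oversized
"url" parameter (constructed detection example, not from the advisory)."""
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Assumptions (not stated in the advisory): IIS W3C log fields are
# "date time c-ip cs-method cs-uri-stem cs-uri-query sc-status", and the
# agent is reached through a URI stem ending in IISWebAgentIF.dll with the
# method name and its parameters carried in the query string.
AGENT_DLL = "iiswebagentif.dll"
URL_PARAM = re.compile(r"(?:^|[?&;])url=([^&;]*)", re.IGNORECASE)
MAX_URL_LEN = 512  # constructed threshold; set it above your longest legitimate redirect


def parse_w3c_line(line: str) -> Optional[Dict[str, str]]:
    """Split one W3C log line into a dict; returns None for comment or short lines."""
    if line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 7:
        return None
    keys = ("date", "time", "c-ip", "cs-method", "cs-uri-stem", "cs-uri-query", "sc-status")
    return dict(zip(keys, parts))


def redirect_url_length(stem: str, query: str) -> Optional[int]:
    """Return the URL-decoded length of the "url" parameter of a Redirect call
    to the agent DLL, or None when the request is not such a call."""
    if not stem.lower().endswith(AGENT_DLL):
        return None
    if "redirect" not in query.lower():
        return None
    match = URL_PARAM.search(query)
    if not match:
        return None
    # Decode first so percent-encoded padding is measured at its real size
    return len(unquote(match.group(1)))


def flag_oversized_redirects(lines: List[str], max_len: int = MAX_URL_LEN) -> List[Dict[str, object]]:
    """Return one finding per log line whose Redirect "url" parameter exceeds max_len."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        rec = parse_w3c_line(line)
        if rec is None:
            continue
        length = redirect_url_length(rec["cs-uri-stem"], rec["cs-uri-query"])
        if length is not None and length > max_len:
            findings.append({
                "time": f"{rec['date']} {rec['time']}",
                "client": rec["c-ip"],
                "url_len": length,
                "status": rec["sc-status"],  # a 500 here may indicate the agent crashed
            })
    return findings


# Constructed sample log lines (not real traffic); the /WebID/ path is assumed
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2005-10-24 10:01:02 10.0.0.7 GET /WebID/IISWebAgentIF.dll Redirect?url=/protected/index.asp 302",
    "2005-10-24 10:01:09 10.0.0.5 GET /WebID/IISWebAgentIF.dll Redirect?url=" + "A" * 2000 + " 500",
    "2005-10-24 10:01:15 10.0.0.9 GET /default.htm - 200",
]

if __name__ == "__main__":
    for finding in flag_oversized_redirects(SAMPLE_LOG):
        print(finding)
```

Run it against an exported IIS log with `flag_oversized_redirects(open("ex051024.log").read().splitlines())`; because the agent's exact query layout can differ between deployments, confirm the stem and "url=" shape against a known-good request in your own logs before relying on the rule.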