Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner
Date: Wed, 18 Sep 2002 09:59:34 -0700
From: Marshall Beddoe <Marshall.beddoe@foundstone.com>
To: announce <announce@foundstone.com>
Subject: Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner
Foundstone Research Labs Advisory - 091802-ISSC
Advisory Name: Remotely Exploitable Buffer Overflow in ISS Scanner
Release Date: September 18, 2002
Application: ISS Scanner 6.2.1
Platforms: Windows NT/2000/XP
Severity: Remote code execution
Vendors: Internet Security Systems (http://www.iss.net)
Authors: Tony Bettini (tony.bettini@foundstone.com)
CVE Candidate: CAN-2002-1122
Reference: http://www.foundstone.com/advisories
Overview:
The license banner HTTP check performed by ISS Scanner does not check the
length of the data returned by the web server being tested. As a result,
a malicious host could be configured to return a long HTTP response that
causes code execution on the ISS Scanner host.
Detailed Description:
A malicious web server could be set up to return an overly long HTTP result
code, so that when ISS Scanner performs its license advertisement HTTP
banner check, the reply it receives executes arbitrary code on the ISS
Scanner host.
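The length check the advisory says is missing, shown as an added C example that is not code from the advisory or from ISS Scanner: a bounded parser for the first line of an HTTP reply that refuses oversize status lines instead of copying them into a fixed buffer. `BANNER_MAX`, the function names and the sample replies are assumptions constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical cap on the number of status-line bytes the check will accept. */
#define BANNER_MAX 256

/* The unchecked pattern the advisory describes (not called anywhere here):
 *     char line[BANNER_MAX];
 *     strcpy(line, reply);   // no bound: a long reply overflows `line`
 * The function below is the bounded replacement. */

/* Parse the first line of an HTTP reply.  Returns the status code, or
 * -1 if the line is malformed or longer than the fixed buffer can hold. */
int parse_status_line(const char *reply, size_t reply_len)
{
    char line[BANNER_MAX];
    size_t n = 0;
    unsigned vmaj, vmin, code;
    /* Measure the first line without copying anything yet. */
    while (n < reply_len && reply[n] != '\r' && reply[n] != '\n')
        n++;
    /* The length check the scanner lacked: refuse oversize lines instead of copying. */
    if (n >= BANNER_MAX)
        return -1;
    memcpy(line, reply, n);
    line[n] = '\0';

    /* Expect "HTTP/<major>.<minor> <3-digit code> ..."; %3u bounds the digits read. */
    if (sscanf(line, "HTTP/%u.%u %3u", &vmaj, &vmin, &code) != 3)
        return -1;
    return (code >= 100 && code <= 599) ? (int)code : -1;
}

/* Constructed oversize reply: a 600-byte status line, far beyond BANNER_MAX. */
int oversize_reply_status(void)
{
    char reply[604];
    memset(reply, 'A', 600);
    memcpy(reply + 600, "\r\n", 3);
    return parse_status_line(reply, 602);
}

int main(void)
{
    const char ok[] = "HTTP/1.1 200 OK\r\nServer: demo\r\n";   /* constructed */
    printf("normal reply: status=%d\n", parse_status_line(ok, sizeof ok - 1));
    printf("oversize reply: status=%d\n", oversize_reply_status());
    return 0;
}
```

A scanner that logs the rejected reply (length and source host) rather than silently dropping it also gives operators a signal that a host under test is behaving abnormally.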
Vendor Response:
ISS has issued a fix for this vulnerability. It is included within
X-Press Update 6.17.
Solution:
We recommend applying the vendor patch.
Disclaimer:
The information contained in this advisory is copyright (c) 2002
Foundstone, Inc. and is believed to be accurate at the time of
publishing, but no representation of any warranty is given,
express, or implied as to its accuracy or completeness. In no
event shall the author or Foundstone be liable for any direct,
indirect, incidental, special, exemplary or consequential
damages resulting from the use or misuse of this information.
This advisory may be redistributed, provided that no fee is
assigned and that the advisory is not modified in any way.