[VIM] from: lists at bughunter.ca
Steven M. Christey
coley at linus.mitre.org
Fri Jun 8 23:59:25 UTC 2007
Note all that I'm trying to deconflict this with CVE-2007-1685, which is
included in the CSIS advisory and obtained from CERT.
On Fri, 8 Jun 2007, security curmudgeon wrote:
>
> From: J.M. Seitz <lists at bughunter.ca>
> To: vim at attrition.org
> Date: Fri, 8 Jun 2007 09:10:58 -0700
> Subject: RE: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow
>
> Hey Guys,
>
> I found this bug a few months ago, the vendor is working on a patch
> (albeit slowly). Use CVE-2007-1783 for this one :)
>
> JS
>
> > -----Original Message-----
> > From: Dennis Rand [mailto:rand at csis.dk]
> > Sent: Friday, June 08, 2007 12:00 AM
> > To: bugtraq at securityfocus.com
> > Subject: CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow
> >
> > CSIS Security Group has discovered a remote exploitable
> > arbitrary overwrite, in the Blue Coat
> > K9 Web Protection local Web configuration manager on
> > 127.0.0.1 and port 2372.
> >
> > This allows an attacker to perform at least a Denial of
> > Service condition, on the usage of internet.
> >
> > Since the overflow can result in an overwrite of both the
> > return address and SHE, remote code execution is possible.
> >
> > Another attack vector could also be privilege escalation on
> > the local machine.
> >
> > The Full advisory can be downloaded at:
> > http://www.csis.dk/dk/forside/Bluecoat-k9.pdf
> >
> >
> > Best regards
> > Dennis Rand
> > Malware/Security Researcher
> > CSIS Security Group
> > http://www.csis.dk
>
More information about the VIM
mailing list