Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17230
HistoryJun 11, 2007 - 12:00 a.m.

CSIS Advisory: BlueCoat K9 Web Protection 3.2.36 Overflow

2007-06-1100:00:00
vulners.com
17
JSON

CSIS Security Group has discovered a remote exploitable arbitrary
overwrite, in the Blue Coat
K9 Web Protection local Web configuration manager on 127.0.0.1 and port
2372.

This allows an attacker to perform at least a Denial of Service
condition, on the
usage of internet.

Since the overflow can result in an overwrite of both the return address
and SHE, remote code
execution is possible.

Another attack vector could also be privilege escalation on the local
machine.

The Full advisory can be downloaded at:
http://www.csis.dk/dk/forside/Bluecoat-k9.pdf

Best regards
Dennis Rand
Malware/Security Researcher
CSIS Security Group
http://www.csis.dk

JSON