Signature Detail
Short Name |
HTTP:OVERFLOW:RSA-WEB-OF |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
RSA Web Agent Overflow |
Release Date |
2005/06/06 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: RSA Web Agent Overflow
This signature detects attempts to exploit a known vulnerability against the RSA Authentication Web Agent. Attackers can remotely execute arbitrary code within the process of the Web server, typically with System privileges.
Extended Description
A remote heap-based buffer overflow vulnerability exists in RSA Authentication Agent for Web. This issue is due to a failure of the application to properly bounds check user-supplied input data prior to copying it into a fixed-sized heap buffer memory region. This vulnerability allows remote attackers to execute arbitrary machine code in the context of the vulnerable server application. This reportedly occurs with 'LocalSystem' privileges, allowing the attacker to gain complete control of the targeted computer. Versions 5.0, 5.2, and 5.3 of RSA Authentication Agent for Web are vulnerable to this issue.
Affected Products
- RSA Security RSA Authentication Agent for Web 5.0.0
- RSA Security RSA Authentication Agent for Web 5.2.0
- RSA Security RSA Authentication Agent for Web 5.3.0
References
- BugTraq: 13524
- CVE: CVE-2005-1471