OSVDB ID: 13213

Title: ValiCert Enterprise Validation Authority forms.exe maxOCSPValidityPeriod Overflow

Info

Disclosure

Dec 04, 2001

Discovery

Unknown

Dates

Exploit

Dec 04, 2001

Solution

Unknown

Description

A remote overflow exists in Enterprise Validation Authority. The forms.exe program fails to validate the maxOCSPValidityPeriod variable resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 4.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Valicert	Enterprise Validation Authority	3.3
		3.4
		3.5
		3.6
		3.7
		3.8
		3.9
		4.0
		4.1
		4.2
		4.2.1

References

Security Tracker: 1002897
Related OSVDB ID: 13209 13210 13211 13212 13214 13215 13216 13217 13218 13219 13220 13221 13222
CVE ID: 2001-0949 (see also: NVD)
Bugtraq ID: 3625
ISS X-Force ID: 7652
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2

Credit

Cyberiad - cyberiadnmrc.org - Nomad Mobile Research Centre
Phuzzy L0gic - phyznmrc.org - Nomad Mobile Research Center

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Valicert

Enterprise Validation Authority

References

Credit