CVE-2004-0425
CVSS 10.0
Published: 2004-08-18 00:00:00
Revised: 2008-09-05 16:38:24

[Original] Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie.


[CNNVD] Netegrity SiteMinder Affiliate Agent Remote Heap Overflow Vulnerability (CNNVD-200408-149)

        SiteMinder Affiliate Agent runs on the web server of an affiliate site and provides single sign-on, delivering personalized content to the affiliate site's users.
        SiteMinder Affiliate Agent lacks proper buffer boundary checking when processing the cookie value "SMPROFILE"; a remote attacker can exploit this to cause a heap-based overflow in the program and possibly execute arbitrary instructions with the privileges of the process.
        The SMPROFILE cookie is used by the Affiliate Agent to determine whether the user has already registered with the site; when an "SMPROFILE" cookie value containing an overlong string is sent to the server, a heap-based overflow can be triggered. Carefully crafted request data may execute arbitrary instructions with the privileges of the process.

- CVSS (Base Score)

CVSS Score: 10 [Critical (HIGH)]
Confidentiality Impact: COMPLETE [Total information disclosure, exposing all system files]
Integrity Impact: COMPLETE [System integrity can be completely compromised]
Availability Impact: COMPLETE [May cause a complete system outage]
Attack Complexity: LOW [No access restrictions on exploitation]
Attack Vector: [--]
Authentication: NONE [No authentication required to exploit]

- CPE (Affected Platforms and Products)

Product and version information (CPE) not yet available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0425
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0425
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-149
(Official data source) CNNVD

- Other Links and Resources

http://xforce.iss.net/xforce/xfdb/15950
(VENDOR_ADVISORY)  XF  siteminder-affiliate-smprofile-bo(15950)
http://www.securityfocus.com/bid/10198
(VENDOR_ADVISORY)  BID  10198
http://www.atstake.com/research/advisories/2004/a042204-1.txt
(VENDOR_ADVISORY)  ATSTAKE  A042204-1

- Vulnerability Information

Netegrity SiteMinder Affiliate Agent Remote Heap Overflow Vulnerability
Severity: Critical  Class: Boundary Condition Error
Published: 2004-08-18 00:00:00  Updated: 2005-10-20 00:00:00
Remote

- Advisories and Patches

        Vendor patch:
        Netegrity
        ---------
        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site:
        Web Agent 4QMR6 HF-016
        https://support.netegrity.com

- Vulnerability Information (F33176)

Atstake Security Advisory 04-04-22.1 (PacketStormID:F33176)
2004-04-24 00:00:00
Atstake, Jeremy Jethro (atstake.com)
advisory,overflow
windows,solaris,hpux
CVE-2004-0425

Atstake Security Advisory A042204-1 - The SiteMinder Affiliate Agent plugin version 4.x is susceptible to a remotely exploitable heap overflow when the SMPROFILE cookie is passed a large value. This affects the Solaris, Windows, and HP-UX platforms.

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1


                                @stake, Inc.
                              www.atstake.com

                             Security Advisory

Advisory Name: Netegrity SiteMinder Affiliate Agent Cookie
               Overflow
 Release Date: 04/22/2004
  Application: SiteMinder Affiliate Agent 4.x
     Platform: Solaris, Windows, HP-UX
     Severity: A remote attacker can execute arbitrary commands
       Author: Jeremy Jethro <jjethro@si.rr.com>
Vendor Status: Vendor has patch available
CVE Candidate: CAN-2004-0425 SiteMinder Affiliate Agent Cookie
               Overflow
    Reference: www.atstake.com/research/advisories/2004/a042204-1.txt


Overview:

The SiteMinder Affiliate Agent is a plugin that provides a connection
from a main portal to an affiliate site without requiring a user to
re-identify or provide additional information about them.  The
affiliate site can determine that the user has been registered at the
main portal, and optionally, that the user has an active SiteMinder
session.


Details:

The SMPROFILE cookie is used by the affiliate agent to determine if
the user has been registered to the main portal.  A remotely
exploitable heap overflow can be triggered by passing a large value
to the SMPROFILE cookie.

A Nessus (NASL) script, siteminder_aa.nasl, which can be used to
scan for vulnerable servers, will be released after a 30 day delay.

Web servers that use the vulnerable SiteMinder plugin will quit
responding to requests when the NASL script is executed.


Vendor Response:

The handling of HTTP cookies has been modified to correctly process
cookies of all sizes.

Please download and install the following package to apply the fix:

     Web Agent 4QMR6 HF-016

The package is available at https://support.netegrity.com

Please contact Netegrity Support for more information.

Toll-free Phone Number (U.S and Canada only):
(877) 748-3646 (or 877-SITEMINDER)
International Phone Number:
+1 (781) 663-7250 or +60 3 2055 3333


Notification Timeline:

4/07/2004 Vendor notified of issue
4/08/2004 Vendor confirms notification
4/14/2004 Vendor responds that they are fixing issue
4/21/2004 Vendor informs us that they have a patch available
4/22/2004 Advisory released


Recommendation:

Install the vendor supplied update.

Install an application level firewall that has cookie size
filtering and restrict cookie sizes to less than 1024 bytes. This
may affect other applications.


Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues.  These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

  CAN-2004-0425 SiteMinder Affiliate Agent Cookie Overflow


Open Source Vulnerability Database Project (OSVDB) Information:

  OSVDB ID 5578


@stake Vulnerability Reporting Policy:
http://www.atstake.com/research/policy/

@stake Advisory Archive:
http://www.atstake.com/research/advisories/

PGP Key:
http://www.atstake.com/research/pgp_key.asc

Copyright 2004 @stake, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBQIhUG0e9kNIfAm4yEQJ2EACgk7xl3Dxi2LQyakzl/WqeittV3PIAoNRZ
lQZmTveIlPgHbMxw1mdrYrdr
=0dG4
-----END PGP SIGNATURE-----
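One way to implement the advisory's recommended mitigation (an edge filter that rejects requests whose SMPROFILE cookie, or any cookie, exceeds 1024 bytes before they reach the agent), as an added example that is not part of the advisory or of Netegrity's product. It parses the raw Cookie header itself and checks every occurrence of a name, since which duplicate the agent honours is not documented; the 1024-byte limit and the SMPROFILE name are the only values taken from the page.

```python
"""Edge/WAF-style cookie size filter modelled on the advisory's recommendation:
reject requests carrying an SMPROFILE cookie (or any cookie) over 1024 bytes
before they reach the SiteMinder agent. Added example, not vendor/@stake code."""
from typing import List, Tuple

MAX_COOKIE_BYTES = 1024          # limit taken from the advisory text
WATCHED_COOKIES = {"SMPROFILE"}  # cookie named in the advisory


def parse_cookie_header(header: str) -> List[Tuple[str, str]]:
    """Split a raw Cookie header into (name, value) pairs, keeping every
    occurrence: which duplicate the agent honours is unknown, so all are
    checked. Only the first '=' splits name from value (values may contain '=')."""
    pairs: List[Tuple[str, str]] = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name.strip():          # skip empty and malformed fragments
            pairs.append((name.strip(), value.strip()))
    return pairs


def oversized_cookies(header: str, limit: int = MAX_COOKIE_BYTES) -> List[Tuple[str, int]]:
    """Return [(name, byte_length)] for every cookie value larger than `limit`.
    Length is measured in UTF-8 bytes, which is what the agent receives."""
    return [(name, len(value.encode("utf-8")))
            for name, value in parse_cookie_header(header)
            if len(value.encode("utf-8")) > limit]


def should_block(header: str) -> Tuple[bool, str]:
    """Decide whether the request is rejected at the edge and why.
    An oversized SMPROFILE is reported by name so triage can tie the
    event to this issue; other oversized cookies are listed generically."""
    offenders = oversized_cookies(header)
    if not offenders:
        return False, "ok"
    watched = sorted({n for n, _ in offenders if n in WATCHED_COOKIES})
    if watched:
        return True, "oversized " + ",".join(watched) + " cookie"
    return True, "oversized cookie(s): " + ", ".join(f"{n}={s}B" for n, s in offenders)


if __name__ == "__main__":
    # Constructed sample headers, not captured traffic.
    benign = "SMPROFILE=abc123; SMSESSION=xyz"
    bad = "SMSESSION=xyz; SMPROFILE=" + "A" * 2048
    print(should_block(benign))  # (False, 'ok')
    print(should_block(bad))     # (True, 'oversized SMPROFILE cookie')
```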

- Vulnerability Information

5578
Netegrity SiteMinder Affiliate Agent Cookie Overflow
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability Description

A remote overflow exists in the SiteMinder Affiliate Agent. The Agent fails to check the size of the SMPROFILE cookie, resulting in a heap overflow. With a specially crafted cookie, an attacker can cause a denial of service and potentially execute arbitrary commands.

- Timeline

2004-04-22 2004-04-07
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Netegrity has released a patch to address this vulnerability. Patch: Web Agent 4QMR6 HF-016

- References

- Vulnerability Author

- Vulnerability Information

Netegrity SiteMinder Affiliate Agent Heap Overflow Vulnerability
Class: Boundary Condition Error
Bugtraq ID: 10198
Remote: Yes  Local: No
Published: 2004-04-23 12:00:00  Updated: 2009-07-12 04:06:00
Credit: Discovered by Jeremy Jethro <jjethro@si.rr.com>.

- Affected Program Versions

Netegrity SiteMinder Affiliate Agent 4.0

- Vulnerability Discussion

@Stake has identified a remotely exploitable vulnerability in SiteMinder Affiliate Agent that is due to memory mismanagement. When a legitimate user connects to a server implementing SiteMinder Agent, the cookie value "SMPROFILE" is transmitted. The vulnerability is triggered when a value of excessive length for the cookie is sent to the server. The vulnerability can be exploited to execute arbitrary instructions.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- Solution

Netegrity has made a fixed version of Affiliate Agent available. The following upgrade, hosted for customers at https://support.netegrity.com, is available:

Web Agent 4QMR6 HF-016
