A remote overflow exists in the RSA SecurID Web Agent. The Web Agent fails to large "chunks" of data sent via the chunked-encoding mechanism resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, RSA Security has released a patch to address this vulnerability.
"Gary O'leary-Steele" <email@example.com> disclosed this vulnerability.
RSA Security RSA Authentication Agent for Web 5.3
RSA Security RSA Authentication Agent for Web 5.2
RSA Security RSA Authentication Agent for Web 5.0
A remote heap-based buffer overflow vulnerability exists in RSA Authentication Agent for Web. This issue is due to a failure of the application to properly bounds check user-supplied input data prior to copying it into a fixed-sized heap buffer memory region.
This vulnerability allows remote attackers to execute arbitrary machine code in the context of the vulnerable server application. This reportedly occurs with 'LocalSystem' privileges, allowing the attacker to gain complete control of the targeted computer.
Versions 5.0, 5.2, and 5.3 of RSA Authentication Agent for Web are vulnerable to this issue.
The discoverer has reportedly developed an exploit. This exploit is not publicly available or known to be circulating in the wild.
An exploit (rsa_iiswebagent_redirect.pm) as part of the Metasploit Framework has been released.
The reporter of this issue states that the vendor has made fixes available for this vulnerability. This has not been confirmed by Symantec. Users of affected packages are urged to contact the vendor for further information.
Users with valid support contracts with the vendor may be able to locate fixes at:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.