CWRedLight
(Date : 10.04.2008 23:33:45)


Tumbleweed SecureTransport FileTransfer ActiveX Control TransferFile() Buffer Overflow
Secunia Advisory: SA29717  
Release Date: 2008-04-10

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: Tumbleweed SecureTransport Server
Description:
Patrick Webster has reported a vulnerability in Tumbleweed SecureTransport, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error in the SecureTransport FileTransfer ActiveX Control (e.g. vcst_eu.dll, vcst_en.dll) when handling arguments to the "TransferFile()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long "remoteFile" string to the affected method.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in vcst_eu.dll version 1.0.0.5. Other versions may also be affected.
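
To locate the control on Windows clients, the following added example (not part of the Secunia advisory or any vendor tooling) enumerates COM registrations whose in-process server is a vcst_*.dll, compares the file version with the 1.0.0.5 named above, and checks whether the Internet Explorer kill bit is set for that CLSID. The DLL name pattern and the machine-wide registry locations searched are assumptions; the advisory gives no CLSID.

```powershell
# Added example. Assumptions: the control is registered machine-wide as an
# in-process COM server and its DLL name matches vcst_*.dll (the advisory
# names vcst_eu.dll and vcst_en.dll; it gives no CLSID).
$reportedVersion = '1.0.0.5'   # version the advisory reports as vulnerable
$killBit         = 0x400       # IE "Compatibility Flags" kill-bit value

# Native and 32-bit-on-64-bit registry views.
$views = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

$findings = foreach ($view in $views) {
    $clsidRoot = "$view\Classes\CLSID"
    if (-not (Test-Path -LiteralPath $clsidRoot)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $clsidRoot -ErrorAction SilentlyContinue) {
        $server = $key.OpenSubKey('InprocServer32')
        if ($null -eq $server) { continue }
        $dll = ([string]$server.GetValue('')).Trim('"')   # default value = DLL path
        $server.Close()
        if ($dll -notmatch '(?i)(^|[\\/])vcst_\w+\.dll$') { continue }

        # Build the version from numeric parts; FileVersion strings vary in format.
        $version = 'file missing'
        if (Test-Path -LiteralPath $dll) {
            $vi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($dll)
            $version = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                            $vi.FileBuildPart, $vi.FilePrivatePart
        }

        # Kill bit: IE refuses to instantiate the CLSID when flag 0x400 is set.
        $compat = "$view\Microsoft\Internet Explorer\ActiveX Compatibility\$($key.PSChildName)"
        $flags  = (Get-ItemProperty -LiteralPath $compat -ErrorAction SilentlyContinue).'Compatibility Flags'

        [pscustomobject]@{
            Clsid            = $key.PSChildName
            Dll              = $dll
            FileVersion      = $version
            ReportedAffected = ($version -eq $reportedVersion)
            KillBitSet       = ($null -ne $flags) -and (($flags -band $killBit) -ne 0)
        }
    }
}

$findings | Format-Table -AutoSize
```

A version other than 1.0.0.5 is not cleared by this check, since the advisory states that other versions may also be affected.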

Solution:
Reportedly fixed in SecureTransport Server 4.6.1 Hotfix 20.

Provided and/or discovered by:
Patrick Webster

Original Advisory:
http://www.aushack.com/200708-tumbleweed.txt

Source: http://secunia.com/advisories/29717/