search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

RSA Authentication Agent for Web for IIS vulnerable to heap overflow via overly large "chunk"

Vulnerability Note VU#790533

Original Release Date: 2005-05-11 | Last Revised: 2005-11-07

Overview

RSA Authentication Agent for Web for IIS contains a heap overflow in the handling of chunked input. This could allow a remote, unauthenticated attacker to execute arbitrary code on the server.

Description

RSA Authentication Agent software provides access control for networks, web applications, and operating systems. It is used in conjunction with RSA SecurID Authenticators and Authentication Manager software.

RSA Authentication Agent for Web for IIS contains a heap overflow vulnerability. Using chunked transfer-encoding it is possible to overwrite portions of heap memory, allowing execution of arbitrary code. Exploit code for this vulnerability is publicly available.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code with LocalSystem privileges on the vulnerable server.

Solution

Upgrade or patch
According to RSA Security:

To get this new patch and documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click "Downloads" in the left navigation menu. Then, click "Fixes by Product", click "RSA SecurID", and "Authentication Agent 5.x", and select the downloads and documentation that pertain to your environment.

Vendor Information

790533
 
Expand all

RSA Security Unknown

Notified:  May 06, 2005 Updated: May 11, 2005

Status

Unknown

Vendor Statement

RSA Security has recently discovered and fixed a potential security vulnerability in the following RSA Authentication Agent for Web software:

- RSA Authentication Agent 5.3 for Web for IIS

This issue has been addressed and thoroughly qualified by RSA Security. RSA Security is not aware of any security breaches resulting from this vulnerability.


Description:

- The RSA Authentication Agent for Web 5.3 for IIS can be exploited with a heap overflow condition


Implication:

- A heap overflow condition causes IIS to crash on Windows 2000


Action Taken by RSA Security:

RSA has created a security patch to eliminate this vulnerability to be applied to the following:

- RSA Authentication Agent 5.3 for Web for IIS

Recommendation:

RSA Security recommends that all customers currently using RSA Authentication Agents 5.3 for Web software apply the security patches available now on the RSA SecurCare Online site. Doing so eliminates this vulnerability.


Getting Security Fixes:

To get this new patch and documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click "Downloads" in the left navigation menu. Then, click "Fixes by Product", click "RSA SecurID", and "Authentication Agent 5.x", and select the downloads and documentation that pertain to your environment.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by Gary O'leary-Steele of Sec-1.

This document was written by Will Dormann, based on the Sec-1 security advisory .

Other Information

CVE IDs: CVE-2005-1471
Severity Metric: 15.75
Date Public: 2005-05-06
Date First Published: 2005-05-11
Date Last Updated: 2005-11-07 15:46 UTC
Document Revision: 11

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis