ISS Internet Scanner HTTP response buffer overflow
|is-http-response-bo (10130)||Medium Risk|
Internet Security Systems' Internet Scanner is a network security vulnerability assessment product. Vulnerability Assessment products are used to probe networks and networking devices for security vulnerabilities. Internet Scanner version 6.2.1 for Windows NT and Windows 2000 is vulnerable to a buffer overflow, caused by improper parsing of HTTP responses. By configuring a malicious host to return an overly long malformed HTTP response, a remote attacker could overflow a buffer on the Internet Scanner host, which would cause Internet Scanner to crash or allow the attacker to execute arbitrary commands on the server.
Refer to Internet Security System Security Alert, September 18, 2002 for more information. See References.
Install X-Press Update 6.17, available from the Internet Security Systems Download Center. It can also be downloaded and installed using the Internet Scanner X-Press Update Installer. See References.
- Foundstone Security Advisory 091802-ISSC: Remotely Exploitable Buffer Overflow in ISS Scanner.
- Internet Security Systems Security Alert, September 18, 2002: Flaw in Internet Scanner Parsing Mechanism.
- Internet Security Systems Web site: Download Center.
- BID-5738: ISS Internet Scanner HTTP Banner Text Parsing Buffer Overflow Vulnerability
- BID-574: CREAR ALMail32 Buffer Overflow Vulnerability
- CVE-2002-1122: Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response.
- OSVDB ID: 3150: ISS Security Scanner HTTP Remote Overflow
- IBM ISS Internet Scanner Software 6.2.1
Sep 18, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this