ARX PrivateWire Gateway Online Registration buffer overflow
| privatewire-registration-bo (27430) |  High Risk |
Description:
ARX PrivateWire Gateway is vulnerable to a buffer overflow, caused by improper bounds checking by the Online Registration function. By sending an overly long 'GET' request, an unauthenticated remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Platforms Affected:
- ARX, ARX PrivateWire Gateway prior to 3.7
- Sun, Solaris 1.0
- Sun, Solaris 2.6
- Sun, Solaris 7.0
Remedy:
Contact ARX Customer Support for information on obtaining a patch for this vulnerability. See References.
Consequences:
Gain Access
References:
- ARX Algorithmic Research Web site, PrivateWire at http://www.arx.com/products/privatewire.php.
- BugTraq Mailing List, Mon Jun 26 2006 - 08:07:26 CDT , ERNW Security Advisory 01/2006 at http://archives.neohapsis.com/archives/bugtraq/2006-06/0520.html.
- BID-18647: Algorithmic Research PrivateWire Online Registration Remote Buffer Overflow Vulnerability
- CVE-2006-3252: Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request.
- SA20812: PrivateWire Registration Functionality Buffer Overflow
- SECTRACK ID: 1016382: PrivateWire Online Registration Buffer Overflow Lets Remote Users Execute Arbitrary Code
- VUPEN/ADV-2006-2549: Algorithmic Research PrivateWire Registration Remote Buffer Overflow Vulnerability
Reported:
Jun 26, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net