ValiCert EVA forms.exe CGI script has multiple buffer overflows

eva-forms-bo (7652) The risk level is classified as High Risk

Description:

ValiCert Enterprise Validation Authority (EVA) is vulnerable to several buffer overflows in the forms.exe CGI script that is used by remote users to access the EVA Administration Server. By sending a specially-crafted HTTP POST request to the Administration Server on port 13333, a remote attacker can overflow a buffer and execute arbitrary code on the system with system level privileges.

This vulnerability can be exploited by using one of the following parameters to send a long character string to the forms.exe CGI script:

  • Mode
  • Certificate_File
  • useExpiredCRLs
  • listenLength
  • maxThread
  • maxConnPerSite
  • maxMsgLen
  • exitTime
  • blockTime
  • nextUpdatePeriod
  • buildLocal
  • maxOCSPValidityPeriod
  • extension
  • Private Key Generation
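For defenders reviewing proxy or web server logs in front of an unpatched Administration Server, the following added example (not part of the original advisory or of any ValiCert code) flags POST requests to forms.exe whose listed parameters carry unusually long values. The length thresholds, the /cgi-bin/ request path and the sample requests are assumptions made for illustration; the advisory does not state the buffer sizes.

```python
from urllib.parse import parse_qsl

# Parameter names as listed in the advisory text (compared case-insensitively).
EVA_PARAMS = {
    "mode", "certificate_file", "useexpiredcrls", "listenlength", "maxthread",
    "maxconnpersite", "maxmsglen", "exittime", "blocktime", "nextupdateperiod",
    "buildlocal", "maxocspvalidityperiod", "extension",
}
MAX_VALUE_LEN = 256   # assumed threshold; the advisory gives no buffer size
MAX_BODY_LEN = 2048   # assumed cap for the combined-length (key generation) case


def audit_post(path: str, body: str) -> list[str]:
    """Return findings for one logged POST (request path + urlencoded body)."""
    if not path.lower().split("?", 1)[0].endswith("/forms.exe"):
        return []
    findings = []
    # The key generation case depends on the combined length of several
    # parameters, so the whole body is checked as well as each value.
    if len(body) > MAX_BODY_LEN:
        findings.append(f"body length {len(body)} > {MAX_BODY_LEN}")
    # parse_qsl percent-decodes, so lengths are measured on the decoded value.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name.lower() in EVA_PARAMS and len(value) > MAX_VALUE_LEN:
            findings.append(f"{name} length {len(value)} > {MAX_VALUE_LEN}")
    return findings


# Constructed sample requests (not captured traffic); the path is hypothetical.
SAMPLES = [
    ("/cgi-bin/forms.exe", "Mode=view&maxThread=16"),
    ("/cgi-bin/forms.exe", "Mode=view&maxThread=" + "9" * 600),
    ("/cgi-bin/forms.exe", "extension=" + "%41" * 300),   # percent-encoded filler
    ("/index.html", "maxThread=" + "9" * 600),             # other path: ignored
]

if __name__ == "__main__":
    for path, body in SAMPLES:
        print(path, audit_post(path, body) or "ok")
```

A check like this only helps triage; the fix remains the upgrade named under Remedy.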


Consequences:

Gain Access

Remedy:

Upgrade to the latest version of EVA (4.2.2 or later), available by contacting ValiCert Customer Support. See References.

References:

  • NMRC Advisory 04-Dec-2001: Multiple Valicert Problems.
  • BID-3621: ValiCert Enterprise Validation Authority forms.exe mode Buffer Overflow Vulnerability
  • BID-3622: ValiCert Enterprise Validation Authority forms.exe maxThread Buffer Overflow Vulnerability
  • BID-3624: ValiCert Enterprise Validation Authority forms.exe blockTime Buffer Overflow Vulnerability
  • BID-3625: ValiCert Enterprise Validation Authority maxOCSPValidityPeriod Buffer Overflow Vulnerability
  • BID-3627: ValiCert Enterprise Validation Authority forms.exe Certificate_File Buffer Overflow Vulnerability
  • BID-3628: ValiCert Enterprise Validation Authority forms.exe nextUpdatePeriod Buffer Overflow Vulnerability
  • BID-3629: ValiCert Enterprise Validation Authority forms.exe buildLocal Buffer Overflow Vulnerability
  • BID-3630: ValiCert Enterprise Validation Authority forms.exe useExpiredCRLs Buffer Overflow Vulnerability
  • BID-3631: ValiCert Enterprise Validation Authority forms.exe extension Buffer Overflow Vulnerability
  • BID-3632: ValiCert Enterprise Validation Authority forms.exe listenLength Buffer Overflow Vulnerability
  • BID-3633: ValiCert Enterprise Validation Authority forms.exe maxConnPerSite Buffer Overflow Vulnerability
  • BID-3634: ValiCert Enterprise Validation Authority Private Key Generation Buffer Overflow Vulnerability
  • BID-3635: ValiCert Enterprise Validation Authority forms.exe maxMsgLen Buffer Overflow Vulnerability
  • BID-3636: ValiCert Enterprise Validation Authority forms.exe exitTime Buffer Overflow Vulnerability
  • CVE-2001-0949: Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.
  • OSVDB ID: 13209: ValiCert Enterprise Validation Authority forms.exe exitTime Overflow
  • OSVDB ID: 13210: ValiCert Enterprise Validation Authority forms.exe mode Overflow
  • OSVDB ID: 13211: ValiCert Enterprise Validation Authority forms.exe maxThread Overflow
  • OSVDB ID: 13212: ValiCert Enterprise Validation Authority forms.exe blockTime Overflow
  • OSVDB ID: 13213: ValiCert Enterprise Validation Authority forms.exe maxOCSPValidityPeriod Overflow
  • OSVDB ID: 13214: ValiCert Enterprise Validation Authority forms.exe Certificate_File Overflow
  • OSVDB ID: 13215: ValiCert Enterprise Validation Authority forms.exe nextUpdatePeriod Overflow
  • OSVDB ID: 13216: ValiCert Enterprise Validation Authority forms.exe buildLocal Overflow
  • OSVDB ID: 13217: ValiCert Enterprise Validation Authority forms.exe useExpiredCRLs Overflow
  • OSVDB ID: 13218: ValiCert Enterprise Validation Authority forms.exe extension Overflow
  • OSVDB ID: 13219: ValiCert Enterprise Validation Authority forms.exe listenLength Overflow
  • OSVDB ID: 13220: ValiCert Enterprise Validation Authority forms.exe maxConnPerSite Overflow
  • OSVDB ID: 13221: ValiCert Enterprise Validation Authority forms.exe Private Key Generation Overflow
  • OSVDB ID: 13222: ValiCert Enterprise Validation Authority forms.exe maxMsgLen Overflow

Platforms Affected:

  • ValiCert EVA 3.3 to 4.2.1

Reported:

Dec 04, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com
