![[LWN Logo]](/images/lwn.banner.gif)
Date: Wed, 25 Aug 1999 16:08:36 -0400 From: X-Force <xforce@ISS.NET> Subject: ISS Security Advisory: Buffer Overflow in Netscape Enterprise and To: BUGTRAQ@SECURITYFOCUS.COM -----BEGIN PGP SIGNED MESSAGE----- ISS Security Advisory August 25, 1999 Buffer Overflow in Netscape Enterprise and FastTrack Web Servers Synopsis: Internet Security Systems (ISS) X-Force has discovered a vulnerability in the Netscape Enterprise Server and Netscape FastTrack Server. Netscape produces web servers and web browsers for individuals, small workgroups, and business professionals. An attacker can send the web server an overly long HTTP GET request, overflowing a buffer in the Netscape httpd service and overwriting the process's stack. This allows a sophisticated attacker to force the machine to execute any program code that is sent. The ISS X-Force has demonstrated that it is possible to use this vulnerability to execute arbitrary code as SYSTEM on the server, giving an attacker full control of the machine. Affected Versions: This vulnerability was tested on Enterprise 3.6sp2 and FastTrack 3.01. Fix Information: Apply the Enterprise 3.6 SP 2 SSL Handshake fix, available from Netscape at: http://www.iplanet.com/downloads/patches/detail_12_86.html. Additional Information: To download the FlexCheck for this vulnerability for Internet Scanner 6.0, go to the following URL: http://download.iss.net/eval/ISNetscapeGetOverflowFlexCheck.exe Additional Information: Information in this advisory was obtained by the research of Caleb Sima <csima@iss.net> of the ISS X-Force. ISS X-Force would like to thank Netscape Communications Corporation for their response and handling of this vulnerability. ________ About ISS: ISS is the pioneer and leading provider of adaptive network security software delivering enterprise-wide information protection solutions. ISS' award-winning SAFEsuite family of products enables information risk management within intranet, extranet and electronic commerce environments. By combining proactive vulnerability detection with real-time intrusion detection and response, ISS' adaptive security approach creates a flexible cycle of continuous security improvement, including security policy implementation and enforcement. ISS SAFEsuite solutions strengthen the security of existing systems and have dramatically improved the security posture for organizations worldwide, making ISS a trusted security advisor for firms in the Global 2000, 21 of the 25 largest U.S. commercial banks and over 35 governmental agencies. For more information, call ISS at 678-443-6000 or 800-776-2362 or visit the ISS Web site at www.iss.net. Copyright (c) 1999 by Internet Security Systems, Inc. Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk. X-Force PGP Key available at: http://xforce.iss.net/sensitive.php3 as well as on MIT's PGP key server and PGP.com's key server. Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBN8QjJTRfJiV99eG9AQF3/gP/SjORxj7h3NEoRW5Zx2kTJ4fnGhNhcpUP 0Kgc8W5qAf0XL0vC2BORLtqkbFi33D7IccBDjpDOWK6S5JyoSanRZsBkrICqEJ7p oMhJdSs2UQotZmg2RujtiScYJXcH9mW235/ObhIBW72FLR6EiaQTyG3In824FJ0f vaOgGu7HkuE= =ddKF -----END PGP SIGNATURE-----