ValiCert Enterprise Validation Authority forms.exe maxConnPerSite Buffer Overflow Vulnerability

Vulnerability Details

Vulnerability Summary

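The forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 contains a buffer overflow vulnerability. A remote attacker can execute arbitrary code via overly long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.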

Vulnerability Advisory

An updated version 4.2.2 has been released which fixes this vulnerability. ValiCert encourages users to contact support@valicert.com for support information.

References

Source: XF
Name: eva-forms-bo(7652)
Link: http://xforce.iss.net/static/7652.php

Source: BID
Name: 3621
Link: http://www.securityfocus.com/bid/3621

Source: www.valicert.com
Link: http://www.valicert.com/support/security_advisory_eva.html

Source: BID
Name: 3636
Link: http://www.securityfocus.com/bid/3636

Source: BID
Name: 3635
Link: http://www.securityfocus.com/bid/3635

Source: BID
Name: 3634
Link: http://www.securityfocus.com/bid/3634

Source: BID
Name: 3633
Link: http://www.securityfocus.com/bid/3633

Source: BID
Name: 3632
Link: http://www.securityfocus.com/bid/3632

Source: BID
Name: 3631
Link: http://www.securityfocus.com/bid/3631

Source: BID
Name: 3630
Link: http://www.securityfocus.com/bid/3630

Source: BID
Name: 3629
Link: http://www.securityfocus.com/bid/3629

Source: BID
Name: 3628
Link: http://www.securityfocus.com/bid/3628

Source: BID
Name: 3627
Link: http://www.securityfocus.com/bid/3627

Source: BID
Name: 3625
Link: http://www.securityfocus.com/bid/3625

Source: BID
Name: 3624
Link: http://www.securityfocus.com/bid/3624

Source: BID
Name: 3622
Link: http://www.securityfocus.com/bid/3622

Source: BUGTRAQ
Name: 20011204 NMRC Advisory – Multiple Valicert Problems
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=100749428517090&w=2