OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Net Tools PKI server exploits
From: Jim Stickley (jimGARRISON.COM)
Date: Mon Jun 19 2000 - 10:19:59 CDT


ISSUE #1 There is a vulnerability in an OEM version of software incorporated
within the Net Tools PKI Server product. An attacker can, under rare
circumstances, gain unauthorized access to the computer hosting the
Enrollment and/or Administrative Web servers of the Net Tools PKI. The
vulnerability revolves around an issue with the XUDA template files included
with the product, where these files do not reference absolute pathnames to
other files. To determine whether anyone has attempted to exploit this
vulnerability, check the enroll-access.log and the admin-access.log files in
the WebServer/logs directory of your Net Tools PKI Server installation.
Search for any log entries which include "x-templates" in the URL. Each
entry can then be examined to see the IP address of the computer and what
files were accessed.
ISSUE #2 I have discovered a potential buffer overflow / denial of service
vulnerability in an OEM version of software incorporated within the Net
Tools PKI Server product. Under certain circumstances, sending HTTP requests
with abnormally long values can cause the Net Tools PKI Directory Server to
crash.
NAI has produced a hotfix to solve these issues and it can be downloaded at:
ftp://ftp.tis.com/gauntlet/hide/pki/PKISERVER100-SP1-103-1.EXE
There is also a README at: ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
        -Jim

Jim Stickley
Garrison Technologies
http://www.garrison.com
619-543-8181 X33