Title: NCP Secure Client Multiple Vulnerabilities
Severity: CRITICAL
Description:
NCP Secure Client is a commercial VPN and firewall application that is available for multiple platforms including Microsoft Windows and Linux.
NCP Secure Client is susceptible to multiple vulnerabilities.
The following issues have been identified:
- Firewall rules designed to allow only specific applications to access the network may be bypassed. This issue is due to the client application's failure to ensure that the application designated in the firewall configuration has not been modified or replaced by a local user. When a firewall rule is in place to allow a specific binary to have access to the network, a local user may replace the binary with one of their own. The firewall uses just the path of the executable to allow access to the network.
- Some applications are prone to local command-line-argument buffer-overflow vulnerabilities. The 'ncpmon.exe' utility is susceptible to a command-line buffer-overflow vulnerability. If it is passed a command line of more than 260 bytes, its behavior changes, granting the user elevated privileges. The 'ncprwsnt.exe' utility is also susceptible to a buffer-overflow vulnerability, and will consume excessive CPU resources when it is passed an unspecified amount of data on the command line. Attackers may be able to exploit these issues to execute arbitrary machine code, but this has not been confirmed. Even if these issues do allow the execution of arbitrary code, it is not clear whether privilege escalation is possible.
- The VPN client is susceptible to a remote denial-of-service vulnerability. By flooding the VPN client with random UDP data, an attacker may cause excessive CPU and memory consumption, resulting in a denial of service to legitimate users.
- The VPN client is susceptible to a local privilege-escalation vulnerability. The VPN client executes the 'connect.bat' script upon successful connection to a VPN server. This script is executed with elevated privileges, allowing users that can create or modify the file to execute arbitrary commands with SYSTEM-level privileges.
These issues allow local attackers to gain SYSTEM-level privileges, allowing them to completely compromise affected computers. Remote attackers may consume excessive CPU resources, denying service to legitimate users.
NCP Secure Client version 8.11 Build 146 on the Microsoft Windows platform is vulnerable to these issues; other versions may also be affected.
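The first issue above comes down to an allow rule that identifies an application by path alone. The following added example (not NCP's code, and not a vendor fix) contrasts that check with one that also pins the file's SHA-256 digest at rule creation; `AppRule`, `allow_by_path`, `allow_by_path_and_hash` and the sample file are hypothetical names and constructed data, and digest pinning is an assumed mitigation. `demo()` runs both checks before and after the file at the approved path changes.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


def sha256_of(path: str) -> str:
    """Hash the file in chunks so large executables do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


@dataclass(frozen=True)
class AppRule:
    """Hypothetical allow rule: path plus the digest recorded when the rule was created."""
    path: str
    pinned_sha256: str


def allow_by_path(rule: AppRule, exe_path: str) -> bool:
    # Weak check, as the advisory describes: only the path is compared.
    return os.path.normcase(os.path.abspath(exe_path)) == os.path.normcase(os.path.abspath(rule.path))


def allow_by_path_and_hash(rule: AppRule, exe_path: str) -> bool:
    # Hardened check: the file at that path must still be the one that was approved.
    if not allow_by_path(rule, exe_path):
        return False
    try:
        return sha256_of(exe_path) == rule.pinned_sha256
    except OSError:
        return False  # unreadable or missing file: fail closed


def demo() -> dict:
    """Create a rule for a constructed file, change the file's content, re-evaluate both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        exe = os.path.join(tmp, "approved_app.exe")  # constructed sample file
        with open(exe, "wb") as fh:
            fh.write(b"constructed: approved application image")
        rule = AppRule(path=exe, pinned_sha256=sha256_of(exe))
        before = (allow_by_path(rule, exe), allow_by_path_and_hash(rule, exe))
        with open(exe, "wb") as fh:  # same path, different content
            fh.write(b"constructed: different program at the same path")
        after = (allow_by_path(rule, exe), allow_by_path_and_hash(rule, exe))
    return {"before": before, "after": after}
```

A digest check at decision time still leaves a window if the file can be changed after the check, so the approved binary and its directory should also be non-writable to unprivileged users.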
Affected Products:
- NCP Network Communication Secure Client 8.11 Build 146
References:
- NCP Network Communication: NCP Secure Client Home Page