HTTP: RSA Agent Redirect Overflow
This signature detects attempts to exploit a known vulnerability against RSA Authentication Agent for Web Redirect. Attackers can send malicious data that can cause a buffer overflow leading to arbitrary remote code execution within the context of the Agent service.
Extended Description
A remote heap-based buffer overflow vulnerability exists in RSA Authentication Agent for Web. This issue is due to a failure of the application to properly bounds check user-supplied input data prior to copying it into a fixed-sized heap buffer memory region. This vulnerability allows remote attackers to execute arbitrary machine code in the context of the vulnerable server application. This reportedly occurs with 'LocalSystem' privileges, allowing the attacker to gain complete control of the targeted computer. Versions 5.0, 5.2, and 5.3 of RSA Authentication Agent for Web are vulnerable to this issue.
Affected Products
Rsa_security rsa_authentication_agent_for_web
Short Name
HTTP:CGI:RSA-AGENT-BOF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Agent CVE-2005-1471 Overflow RSA Redirect bid:13524
Release Date
12/19/2005
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Rsa_security
CVSS Score
7.5