NAI Net Tools PKI Server strong.exe Buffer Overflow Vulnerability

Solution:
Network Associates has released a fix for this problem. Furthermore CORE SDI has detailed a way to check if this exploit has been attempted against your installation, as per the CORE SDI advisory (attached in full in the 'Credit' section):

To determine whether anyone has attempted to exploit this vulnerability, check the enroll-access.log and the admin-access.log files in the WebServer/logs directory of your Net Tools PKI Server installation. Search for any log entries which are excessively long (greater than 500 characters). Each log entry can then be examined to see the IP address of the computer that submitted the request.


Network Associates Net Tools PKI Server 1.0

Network Associates Net Tools PKI Server 1.0 Hotfix1

Network Associates Net Tools PKI Server 1.0 Hotfix2


 

Privacy Statement
Copyright 2010, SecurityFocus