ValiCert Enterprise Validation Authority maxOCSPValidityPeriod Buffer Overflow Vulnerability

ValiCert Enterprise Validation Authority includes an Administration Server, which can be accessed through a web interface. CGI functionality is provided by the script forms.exe. This script is available on port 13333 in the default installation.

One of the functions provided by this script is the ability to reconfigure the ValiCert server that responds to validation requests. Passing the maxOCSPValidityPeriod function an unusually long string overflows its buffer, which could overwrite the stack and possibly lead to execution of arbitrary code.
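
The class of defect described above is closed by checking the field's length and content before it reaches a fixed-size stack buffer. The following C function is an added example, not ValiCert's code (which the advisory does not show). The function name, the length limit, the one-year upper bound and the treatment of the field as a decimal number of seconds are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumed limits for this example; the advisory does not state the real ones. */
#define FIELD_MAX_LEN 10          /* longest accepted decimal string */
#define PERIOD_MAX    31536000L   /* assumed upper bound: one year in seconds */

enum field_status { FIELD_OK = 0, FIELD_TOO_LONG, FIELD_NOT_NUMERIC, FIELD_OUT_OF_RANGE };

/*
 * Hypothetical handler for a numeric form field such as maxOCSPValidityPeriod.
 * `value` is the raw, untrusted, NUL-terminated field value from the request.
 * The length is checked before any copy, so the fixed-size stack buffer never
 * receives more than FIELD_MAX_LEN bytes plus the terminator.
 */
enum field_status parse_validity_period(const char *value, long *out)
{
    char buf[FIELD_MAX_LEN + 1];
    size_t len = 0;
    char *end;
    long n;

    if (value == NULL || out == NULL)
        return FIELD_NOT_NUMERIC;

    /* Bounded length scan: reads at most FIELD_MAX_LEN + 1 bytes of input. */
    while (len <= FIELD_MAX_LEN && value[len] != '\0')
        len++;
    if (len > FIELD_MAX_LEN)
        return FIELD_TOO_LONG;
    if (len == 0)
        return FIELD_NOT_NUMERIC;

    memcpy(buf, value, len);
    buf[len] = '\0';

    /* Digits only: rejects signs, whitespace and trailing garbage. */
    if (strspn(buf, "0123456789") != len)
        return FIELD_NOT_NUMERIC;

    errno = 0;
    n = strtol(buf, &end, 10);
    if (errno == ERANGE || *end != '\0' || n > PERIOD_MAX)
        return FIELD_OUT_OF_RANGE;

    *out = n;   /* written only on success */
    return FIELD_OK;
}
```

Returning a distinct FIELD_TOO_LONG status lets the caller log over-length submissions to the administration interface separately from ordinary input mistakes.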


Copyright 2010, SecurityFocus