The software referred to as BCAAA (Blue Coat Authentication and Authorization Agent) is installed on a domain server (not necessarily a domain controller, a member server is enough) and acts as an intermediary between a Blue Coat ProxySG and the domain. The BCAAA Windows Service is vulnerable to a stack-based buffer overflow, this can lead to remote code execution running with SYSTEM privileges. Affected are all versions of BCAAA associated with ProxySG releases 4.2.3, 4.3, 5.2, 5.3, 5.4, 5.5, and 6.1 available prior to April 21, 2011 or with a build number less than 60258. All versions of BCAAA associated with ProxyOne are also vulnerable.
Summary
Name: Blue Coat BCAAA Remote Code Execution Vulnerability
Release Date: 5 July 2011
Reference: NGS00060
Discoverer: Paul Harrington <paul.harrington@ngssecure.com>
Vendor: Blue Coat Systems Inc
Vendor Reference: 2-358686722
Systems Affected: All versions of BCAAA associated with ProxySG releases 4.2.3, 4.3, 5.2, 5.3, 5.4, 5.5, and 6.1 available prior to April 21, 2011 or with a build number less than 60258. All versions of BCAAA associated with ProxyOne are also vulnerable
Risk: High
Status: Published
TimeLine
Discovered: 10 March 2011
Released: 10 March 2011
Approved: 10 March 2011
Reported: 11 March 2011
Fixed: 4 April 2011
Published: 5 July 2011
Description
The software referred to as BCAAA (Blue Coat Authentication and Authorization Agent) is installed on a domain server (not necessarily a domain controller, a member server is enough) and acts as an intermediary between a Blue Coat ProxySG and the domain.
The BCAAA Windows Service is vulnerable to a stack-based buffer overflow, this can lead to remote code execution running with SYSTEM privileges.
Technical Details
Sending a large buffer to TCP port 16102 causes a stack-based buffer overflow in the bcaaa-130.exe process.
Fix Information
Patches can be downloaded from the Bluecoat Knowledge Base:
https://kb.bluecoat.com/index?page=content&id=SA55
NGS Secure Research
http://www.ngssecure.com
ไม่มีความคิดเห็น:
แสดงความคิดเห็น