This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Safenet SoftRemote IKE VPN service. Authentication is not required to exploit this vulnerability.
Credit:
The information has been provided by Ruben Santamarta.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-09-024
Vulnerable Systems:
* Safenet SoftRemote prior to version 0.8.6
Immune Systems:
* Safenet SoftRemote version 10.8.6 and later
The specific flaw exists in the ireIke.exe service, which listens on UDP port 62514. The process does not adequately handle long requests, resulting in a stack overflow. Exploitation can result in complete system compromise under SYSTEM credentials.
Disclosure Timeline:
2008-10-28 - Vulnerability reported to vendor
2009-06-01 - Coordinated public release of advisory