Net Tools PKI Server
CVE 2000-0739
CVE 2000-0740
CVE 2000-0741
Impact
Several vulnerabilities in Net Tools PKI Server, if present,
could allow a remote attacker to execute arbitrary code
or to view and download any file on the server.
Background
NAI Net Tools PKI Server is a full-featured PKI server for
Windows NT systems. It runs a secure web server on ports
443, 444, and 445.
strong.exe is the executable file which services
https requests on these three ports.
The Problem
There are three separate problems in the strong.exe
program that comes with Net Tools PKI Server 1.0 prior to Hotfix 3.
CVE 2000-0740
Firstly, a buffer overflow in strong.exe could
allow a remote attacker to execute arbitrary commands with
SYSTEM privileges by supplying a very long,
specially crafted URL.
CVE 2000-0739
Secondly, an attacker could view any file on the system using
the ../ string in the pathname to escape from the
default directory.
CVE 2000-0741
Finally, a format string vulnerability in strong.exe
could allow a remote user to execute arbitrary commands on
the server with SYSTEM privileges by supplying a
specially crafted URL with the .xuda extension.
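For triage on hosts that have not yet received the hotfix, the three request patterns described above can be flagged in request logs. The following is an added example, not part of the original advisory or the vendor's code. It assumes a log format with the request line in quotes, taken from the server or from a point where TLS is terminated, and an assumed length threshold of 1024 characters; the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

MAX_URL_LEN = 1024  # assumed threshold; the advisory only says "very long"
# printf-style conversion specifiers, which a request URL should not carry
FORMAT_SPEC = re.compile(r"%[0-9$.#+\- ]*(?:hh|h|ll|l)?[nsxXpdu]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+)')

def classify(url):
    """Return the advisory's CVE labels whose request pattern `url` matches."""
    findings = []
    # Decode twice so singly and doubly percent-encoded "../" are both seen.
    decoded = unquote(unquote(url))
    path = decoded.split("?", 1)[0].replace("\\", "/")
    if len(url) > MAX_URL_LEN:
        findings.append("CVE 2000-0740")      # overlong URL (buffer overflow)
    if ".." in path.split("/"):
        findings.append("CVE 2000-0739")      # ../ escape from default directory
    # Checking the raw form too can over-flag encodings such as "%20d";
    # acceptable for triage because the rule is limited to .xuda requests.
    if path.lower().endswith(".xuda") and (
            FORMAT_SPEC.search(url) or FORMAT_SPEC.search(decoded)):
        findings.append("CVE 2000-0741")      # format specifiers in .xuda URL
    return findings

def scan(log_lines):
    """Map 1-based line numbers to findings for lines that match any rule."""
    hits = {}
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if match and (found := classify(match.group(1))):
            hits[number] = found
    return hits

# Constructed sample log lines (hypothetical format: client, quoted request).
SAMPLE_LOG = [
    '192.0.2.10 "GET /index.html HTTP/1.0"',
    '192.0.2.11 "GET /..%2f..%2fexample.txt HTTP/1.0"',
    '192.0.2.12 "GET /' + "A" * 2000 + ' HTTP/1.0"',
    '192.0.2.13 "GET /enroll%25x.xuda HTTP/1.0"',
    '192.0.2.14 "GET /enroll.xuda HTTP/1.0"',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG).items():
        print(number, ", ".join(found))
```

A match indicates a request worth reviewing, not a confirmed compromise; whether the host is vulnerable still depends on the hotfix level given under Resolution.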
Resolution
Contact the vendor for Hotfix 3 for Net Tools PKI Server 1.0. If Hotfix 3
or higher has already been applied, then the system does not
have these vulnerabilities.
Versions higher than 1.0 are not affected by these vulnerabilities.
Where can I read more about this?
These vulnerabilities were researched by CORE-SDI
and posted to Bugtraq.