In association with heise online

« previous | next »
4 August 2008, 11:42

Critical security holes in K9 Web Protection

Secunia, the security service provider, has reported three errors in K9 Web Protection from Blue Coat, which is free for private use. The errors enable attackers to take control of a client system. The causes are a buffer overflow that occurs in k9filter.exe, the filter service, when it is processing an excessively long "Referer" header, and two buffer overflows when defective HTTP responses are received from the central information server (sp.cwfservice.net). Although a successful attack using the first overflow only requires a visit to a manipulated page, a man-in-the-middle or DNS spoofing attack has to be initiated to exploit the other two errors to slip code in and run it.

The errors were found in version 3.2.44 of K9 with version 3.2.32 of the filter, but other versions could be similarly vulnerable. Blue Coat is already working on a fix for the problem. An updated version 4.1.x is promised for September. Blue Coat recommends that the product be uninstalled until then. Alternatively, users can install the beta version, said to be coming out on 8 August.

See also:

(trk)

Add your comment

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-736729

Also on The H:

  • Share this article
  • Twitter
  • Facebook
  • digg this
  • submit to slashdot
  • post to delicious
  • StumbleUpon
  • submit to reddit
The H Open Headlines

Price Insight Top 10 powered by Skinflint

  1. Samsung SSD 830 Series 128GB
  2. Samsung SSD 830 Series 256GB
  3. Samsung SSD 830 Series Desktop Upgrade Kit 256GB
  4. Intel Core i5-3570K
  5. Samsung Galaxy S3 i9300 16GB blau
  6. Crucial m4 SSD 128GB
  7. Gigabyte GeForce GTX 670 OC
  8. Palit GeForce GTX 670
  9. Diablo 3 (deutsch)
  10. Samsung Galaxy Nexus i9250 16GB silber

The H

The H open source

The H Security

The H Internet Toolkit