Critical security holes in K9 Web Protection
Secunia, the security service provider, has reported three errors in K9 Web Protection from Blue Coat, which is free for private use. The errors enable attackers to take control of a client system. The causes are a buffer overflow that occurs in k9filter.exe
, the filter service, when it is processing an excessively long "Referer" header, and two buffer overflows when defective HTTP responses are received from the central information server (sp.cwfservice.net). Although a successful attack using the first overflow only requires a visit to a manipulated page, a man-in-the-middle or DNS spoofing attack has to be initiated to exploit the other two errors to slip code in and run it.
The errors were found in version 3.2.44 of K9 with version 3.2.32 of the filter, but other versions could be similarly vulnerable. Blue Coat is already working on a fix for the problem. An updated version 4.1.x is promised for September. Blue Coat recommends that the product be uninstalled until then. Alternatively, users can install the beta version, said to be coming out on 8 August.
See also:
- K9 WEB PROTECTION "REFERER" HEADER BUFFER OVERFLOW (CVE-2007-2952), vulnerability report from Blue Coat
- Blue Coat K9 Web Protection "Referer" Header Buffer Overflow, report from Secunia
- Blue Coat K9 Web Protection Response Handling Buffer Overflows, report from Secunia
(trk)