--0__=W0HoYqOc9Gb7fEUdwyjpJ1JEwqFAWR1rS3PxmHBGl9I45gaE5gE2r9ku Content-type: text/plain; charset=windows-1257 Content-Disposition: inline Content-transfer-encoding: quoted-printable Greetings Bugtraq. The issue mentioned in the attached posting has bee= n fixed. The patched binary of Smaxagent.exe mentioned in the post is no= w part of the AutoSecure Policy Compliance Manager v7.1, slated for release Fe= bruary 99. Existing customers using Policy Compliance Manager v7.0 under Wind= ows NT can obtain the hotfix patch immediately by contacting our Technical Cus= tomer Support at (800) 833-PLAT. Any future questions/ issues can be reported to the technical support n= umber listed above. This allows them to be quickly escalated to the engineer= s for a prompt response using our Product Assistance Request (PAR) system. The= specific issue dealt with in this posting was addressed and fixed immed= iately after receiving an email bug report on September 9th. We regret any br= eakdown in communications that might have resulted in a post to Bugtraq. PLATINUM technology is committed to providing the most robust Enterpris= e Security solutions available. We thank the members of Bugtraq for thei= r vigilance in holding all software to the highest standards. For more technical information or other questions on PLATINUM=92s AutoSecure sui= te of tools, please contact me directly. Regards, Robert Flannigan Product Specialist robert.flanniganat_private 800.526.9096 Please respond to Bugtraq List <BUGTRAQat_private> To: BUGTRAQat_private cc: Subject: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0 = --0__=W0HoYqOc9Gb7fEUdwyjpJ1JEwqFAWR1rS3PxmHBGl9I45gaE5gE2r9ku Content-type: text/plain; charset=us-ascii Content-Disposition: inline __________________________________________________________ S.A.F.E.R. Security Bulletin 981204.DOS.1.3 __________________________________________________________ TITLE : Buffer Overflow in Platinum PCM 7.0 DATE : December 04, 1998 NATURE : Denial-of-Service, Remote Code Execution PLATFORMS : Windows NT 4.0 DETAILS: Policy Compliance Manager is a product that performs checks on the system, in order to ensure that security policies are enforced. It acts very much as a security scanner, but with a limited number of security checks. PCM Agent can be installed on different machines. Then, users can establish connection and initiate checks using the PCM Client. PROBLEM: If certain amount of data is sent to port where Smaxagent.exe (Agent) is listening [1827], Smaxagent will crash. Restart of the service is needed. Remote users can also execute arbitrary code. FIXES: Platinum has been informed about this issue (and confirmed the problem) on September 9th 1998. --0__=W0HoYqOc9Gb7fEUdwyjpJ1JEwqFAWR1rS3PxmHBGl9I45gaE5gE2r9ku--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:42 PDT