Release Notes for Net Tools PKI Server Version 1.0 for Windows NT HotFix 3 Copyright (c) 1999-2000 Networks Associates Technology, Inc. All Rights Reserved. Thank you for using Net Tools PKI Server. This file contains important information regarding this HotFix release. Network Associates strongly recommends that you read the entire document and install this HotFix immediately on any Net Tools PKI Servers that you have deployed. Note: Net Tools PKI Server HotFixes are generally not cumulative in nature. Please be certain to install both HotFix 1 and HotFix 3 on your Net Tools PKI Server. Please note that HotFix 3 incorporates fixes made in HotFix 2. ___________________ WHAT'S IN THIS FILE - The Purpose of this HotFix - Issues Resolved in this HotFix - Files Included with this HotFix - Installation - Credits - Contacting Network Associates __________________________ THE PURPOSE OF THIS HOTFIX ISSUE #1 This HotFix resolves a buffer overflow problem in an OEM version of software incorporated within the Net Tools PKI Server product. Without this HotFix installed, users using long invalid filenames within HTTP requests could cause a buffer overflow in the error logging function of the Web server incorporated within the Net Tools PKI. This can result in the Net Tools PKI Web Server service crashing and--potentially--data being overwritten on the stack of the host computer. To determine whether anyone has attempted to exploit this vulnerability, check the enroll-access.log and the admin-access.log files in the WebServer/logs directory of your Net Tools PKI Server installation. Search for any log entries which are excessively long (greater than 500 characters). Each log entry can then be examined to see the IP address of the computer that submitted the request. ISSUE #2 This HotFix resolves a Web server directory traversal problem in an OEM version of software incorporated within the Net Tools PKI Server product. Without this HotFix installed, directory traversal was not disabled within the Web server incorporated within the Net Tools PKI. This can result in unauthorized access to files on the host computer outside of the Web server root directory. Knowledge of the directory structure is required to access specific files. Access is limited to files which are readable by the user that the Enrollment and/or Administration Web server runs under. To determine whether anyone has attempted to exploit this vulnerability, check the enroll-access.log and the admin-access.log files in the WebServer/logs directory of your Net Tools PKI Server installation. Search for any log entries containing "..\" within them. Each log entry can then be examined to see the IP address of the computer that submitted the request. ISSUE #3 This HotFix resolves a URL validation and Web Server crashing problem in an OEM version of software incorporated within the Net Tools PKI Server product. This HotFix resolves a problem with validating string formatting of user supplied data. The Web Server component of the Net Tools PKI Server failed to properly validate data passed as arguments to the server's logging routines. Passing certain strings could cause the Web Server to crash and potentially cause arbitrary code to run as the user account that the Web Server component is running as on the host computer. ISSUE #4 This HotFix resolves a URL validation problem in an OEM version of software incorporated within the Net Tools PKI Server product. This HotFix resolves a problem where it was possible to obtain a directory listing for system or web server directories by requesting URLs containing characters such as double quote ("), less than (<), and greater than (>), which are illegal in Win32 file names. To determine whether anyone has attempted to exploit this vulnerability, check the enroll-access.log and the admin-access.log files in the WebServer/logs directory of your Net Tools PKI Server installation. Search for any log entries with URLs containing the characters mentioned above within them. Each log entry can then be examined to see the IP address of the computer that submitted the request. ISSUE #5 This HotFix resolves web server crashing problem in an OEM version of software incorporated within the Net Tools PKI Server product. Without this HotFix installed, it is possible to crash the Web server component of the Net Tools PKI when requesting certain URLs. It was possible to cause the web server to crash by requesting URLs of the form /~username/, or by requesting a URL containing escaped characters outside of the normal ASCII range of 32-127. _____________________________ FILES INCLUDED IN THIS HOTFIX This HotFix corrects the issues as specified by replacing STRONG.EXE in the Net Tools PKI Server installation directory. ____________ INSTALLATION * INSTALLATION STEPS * 1. Stop the Net Tools PKI Web Server service. 2. Make a backup copy of the STRONG.EXE file found in the directory "WebServer\bin" under the product installation directory (default c:\Program Files\Network Associates\NetTools PKI Server\WebServer\bin). 3. Copy the updated STRONG.EXE into that directory. 4. Start the Net Tools PKI Web Server service. * REMOVING THIS HOTFIX * Network Associates recommends that you do NOT remove the HotFix file from your Net Tools PKI installation once you installed it. If you reinstall your Net Tools PKI v1.0 software, Network Associates recommends that you also reinstall all associated HotFixes. _______ CREDITS Network Associates would like to acknowledge the efforts of Juliano Rizzo at CORE for finding issues #1 through #3 and notifying us of them. CORE SDI is a computer security company based in Buenos Aires, Argentina. http://www.core-sdi.com ____________________________ CONTACTING NETWORK ASSOCIATES Because this is a HotFix and not a patch, this file has been through limited testing. If you experience any problems as a result of applying this HotFix, please contact the Back Line support engineer who provided the HotFix or call Network Associates Technical Support at 1-800-722-3709.