Serious security vulnerabilities have been disclosed in three networking tools found in many enterprises: the RSA Authentication Agent for Web for Internet Information Services; ethereal, a network protocol analyser; and smail, a Mail Transfer Agent.
All three vulnerabilities could allow remote attackers to execute malicious code, according to security researchers, and patches have been released for all three.
The boundary error in RSA Authentication Agent for Web affects version IIS 5.x. Attackers could send a specially crafted "chunk" of data to the service, causing a heap-based buffer overflow and executing code, according to an advisory from security firm Secunia. A patch is available from RSA Security.
Ethereal is affected by a number of bugs, defined in more than a dozen separate entries in the CVE vulnerabilities database. The most serious of the bugs could allow the execution of malicious code, or could cause Ethereal to stop responding or consume a large amount of system resources, according to the vendor's advisory.
The vulnerabilities are caused by errors in several protocol dissectors, NULL pointer dereference errors, format string errors and others, according to Secunia. Version 0.10.11, available here, fixes the issues.
Two vulnerabilities have been disclosed in smail-3, a Mail Transfer Agent that competes with Sendmail. The first affects the way the SMTP server handles email addresses and possibly other SMTP fields, according to researchers. An remote or local attacker could pass an overly long string to the "Mail From" command, causing a buffer overflow.
The flaw could allow the execution of malicious code, according to several security researchers and the Debian operating system project, although smail-3's maintainer has disagreed, claiming the flaw is relatively hard to exploit. Proof-of-concept code is circulating publicly.
The second flaw involves signal handling, and could be exploited to execute malicious code, though only by local users, researchers said. The vulnerabilities were confirmed in smail-126.96.36.199 but may exist in other versions. The bugs are fixed in version 188.8.131.52, available from the smail project and from operating system vendors such as Debian.