CVE-2001-0949 Information

Description

Buffer overflows in the forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allow remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.

Reference

http://marc.info/?l=bugtraq&m=100749428517090&w=2
http://www.securityfocus.com/bid/3621
http://www.securityfocus.com/bid/3622
http://www.securityfocus.com/bid/3624
http://www.securityfocus.com/bid/3625
http://www.securityfocus.com/bid/3627
http://www.securityfocus.com/bid/3628
http://www.securityfocus.com/bid/3629
http://www.securityfocus.com/bid/3630
http://www.securityfocus.com/bid/3631
http://www.securityfocus.com/bid/3632
http://www.securityfocus.com/bid/3633
http://www.securityfocus.com/bid/3634
http://www.securityfocus.com/bid/3635
http://www.securityfocus.com/bid/3636
http://www.valicert.com/support/security_advisory_eva.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7652
