http://news.cnet.com/
RSA patches Web authentication tool
http://news.cnet.com/RSA-patches-Web-authentication-tool/2110-7355_3-5705043.html
Story last modified Thu May 12 11:44:59 PDT 2005
Security company RSA has patched a vulnerability in its Web authentication software. RSA is advising customers to update software for its Authentication Agent for Web for Internet Information Service, after researcher Gary O'Leary-Steele discovered a flaw which could allow hackers to execute arbitrary code.
On its Web site Secunia said that the vulnerability occurred from a boundary error. "(It) can be exploited to cause a heap-based buffer overflow by sending an overly long 'chunk' of data via the chunked-encoding mechanism." The vulnerability exists in versions 5, 5.2 and 5.3 of the product. Click here to download the patch.
