K9 WEB PROTECTION "REFERER" HEADER BUFFER OVERFLOW (CVE-2007-2952)

Advisory Date

August 1, 2008

Advisory Severity

Severe

Details

Description:
K9 Web Protection is vulnerable to a buffer overflow when processing "Referer" headers.

Workaround:
There is no effective workaround. Either upgrade to a fixed version when one is available (see below), or uninstall K9 Web Protection and install a fixed version when one is available.

Affected Version:
3.2.4.4

Fixed in:
4.1.x to be released in September 2008

A beta version of 4.1.x will be available starting 8 August 2008. If you have chosen to be part of the beta program, this update will be installed automatically. You can also install the beta manually.

You can download the beta now at http://www1.k9webprotection.com/getk9/beta.php

You can opt into the K9 Web Protection Beta program under Setup, Advanced, Update to Beta on the K9 Web Protection Administration page. In this case, the beta will be installed automatically sometime in the next few weeks.

References:
Secunia Research

Advisory Publish Time: 
11/13/2008 - 09:51