TDI Security Bulletin August 2006
Windows Event Forwarder (WEF) Buffer Overflow Vulnerability
Affected version:
ConsoleWorks 3.2-0u0
Summary
Issue: The ConsoleWorks® Client Windows Event Forwarder (WEF) 3.2-0u0 application was found to be vulnerable to a buffer overflow attack that could enable an attacker to take control of the host machine and gain administrative access to clients running Microsoft® Windows®.
Who Should Read This Document:
Customers who use the WEF 3.2-0u0 on Windows-based clients.
Risk: High
Recommendation: Customers should install the latest WEF (version 3.2-0u2 or later) immediately.
Caveats: None
Security Update Download Location: www.tditx.com/downloads
Details
The WEF 3.2-0u0 application is running code that exhibits a classic buffer overflow vulnerability.
Resolution
A) Install the latest version of ConsoleWorks (3.2-0u1 or later), which contains a corrected version of the WEF.
OR
B) Uninstall WEF 3.2-0u0 and download and install the latest version of the WEF (3.2-0u2 or later).
Note: A TDI User name and Password are required. To obtain a User name and Password, contact TDI Support (support@tditx.com).
To uninstall WEF 3.2-0u0
1. On the Windows taskbar, click Start > Control Panel > Add or Remove Programs.
2. Select ConsoleWorks Windows Event Forwarder.
3. Click Change/Remove.
To download WEF
1. Connect to www.tditx.com/downloads.
2. Click Windows Event Forwarder Security Update.
3. Enter User Name and Password, and click OK.
4. On the File Download dialog box, click Save, and save the file winntagt.zip to an accessible folder.
To install WEF
1. Locate winntagt.zip and extract winntagt.exe.
2. Run winntagt.exe.
3. On the Windows Event Forwarder Installation Wizard, respond to the questions and follow the instructions.