RSA issues patch for Web authentication tool

Brief: RSA's Authentication Agent for Web for Internet Information Service is vulnerable and needs to be updated

Security company RSA has patched a vulnerability in its Web authentication software.

RSA is advising customers to update software for its Authentication Agent for Web for Internet Information Service, after researcher Gary O'Leary-Steele discovered a flaw which could allow hackers to execute arbitrary code.

On its Web site Secunia said that the vulnerability occurred from a boundary error. "[It] can be exploited to cause a heap-based buffer overflow by sending an overly long 'chunk' of data via the chunked-encoding mechanism."

The vulnerability exists in versions 5, 5.2 and 5.3 of the product. Click here to download the patch.