000016079 - AxM 4.8 agent for IIS 7: Heap corruption causes GP fault in ntdll.dll when doing certificate based client authentication.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000016079
Applies ToWeb Agent IIS V4.8 Agent for IIS 7.0
RSA Key Manager (RKM)
IssueAxM 4.8 agent for IIS 7: Heap corruption causes GP fault in ntdll.dll when doing certificate based authentication.
The IIS Application Pool hosting the ct_iis70_agent dll fails after three attempts and is disabled.

The windows event viewer shows the following error:

Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxx
Description:
Faulting application w3wp.exe, version 7.0.6002.18005, time stamp 0x49e03238, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e0421d, exception code 0xc0000005, fault offset 0x0000000000048db2, process id 0x10c4, application start time 0x01cb8b4bca601e40.

 
CauseThere is an error in the normalization of certificates used for Client authenticated SSL which will cause heap corruption if the certificate contains characters in the DN that require the DN to be encapsulated in quotes.
ResolutionThis issue has been resolved in hotfix 4.8.0.48 for the 4.8 Agent.  Contact RSA Customer Support and request this hotfix or the latest cumulative hotfix for your platform.
WorkaroundA certificate is being used for SSL client authentication which contains non alphanumeric characters.
NotesThis issue commonly occurs when the 4.8 Agent for IIS 7.0 is used with Key Manager as the key manager client uses client certificates for SSL authentication. 
Legacy Article IDa53166

Attachments

    Outcomes