[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040223090851.6986B24282@chernobyl.investici.org>
Date: Mon, 23 Feb 2004 09:08:51 -0000
From: "Donato Ferrante" <fdonato@...istici.org>
To: <bugtraq@...urityfocus.com>
Subject: Multiple Remote Buffer Overflow in Avirt Soho 4.3
Donato Ferrante
Application: Avirt Soho
http://www.avirt.com/
Version: 4.3
Bugs: Multiple Remote Buffer Overflow
Author: Donato Ferrante
e-mail: fdonato@...istici.org
web: www.autistici.org/fdonato
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
1. Description
2. The bugs
3. The code
4. The fix
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
----------------
1. Description:
----------------
Vendor's Description:
"Developed for the home or small office, Soho installs in minutes!
Its intuitive wizards and simple interface automate the setup process
and make maintenance a snap. Don't worry if you're new to networking
or Internet sharing - Avirt Soho does all the work!"
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-------------
2. The bugs:
-------------
The program doesn't well manage the received strings on the TCP ports:
[1] 1080 and [2] 8080. In fact it will have a buffer overflow.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-------------
3. The code:
-------------
[1]
To test the vulnerability simply send to the server ( port 1080 ) a
string like:
GET aaaa[ 1113 of a ]aaaa
[2]
To test the vulnerability on the web service send to the server
( port 8080 ) a string like:
GET %%%%[ 2061 of % ]%%%% HTTP/1.1
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
4. The fix:
------------
Vendor was contacted.
Bugs will be fixed in the next version of Avirt Soho.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Powered by blists - more mailing lists