lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 23 Feb 2004 09:08:51 -0000
From: "Donato Ferrante" <fdonato@...istici.org>
To: <bugtraq@...urityfocus.com>
Subject: Multiple Remote Buffer Overflow in Avirt Soho 4.3


                           Donato Ferrante


Application:  Avirt Soho
              http://www.avirt.com/

Version:      4.3

Bugs:         Multiple Remote Buffer Overflow

Author:       Donato Ferrante
              e-mail: fdonato@...istici.org
              web:    www.autistici.org/fdonato



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bugs
3. The code
4. The fix



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"Developed for the home or small office, Soho installs in minutes!
Its intuitive wizards and simple interface automate the setup process
and make maintenance a snap. Don't worry if you're new to networking
or Internet sharing - Avirt Soho does all the work!"



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
2. The bugs:
-------------

The program doesn't well manage the received strings on the TCP ports:
[1] 1080 and [2] 8080. In fact it will have a buffer overflow.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

[1]

To test the vulnerability simply send to the server ( port 1080 ) a
string like:

GET aaaa[ 1113 of a ]aaaa


[2]

To test the vulnerability on the web service send to the server
( port 8080 ) a string like:

GET %%%%[ 2061 of % ]%%%% HTTP/1.1



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Vendor was contacted.
Bugs will be fixed in the next version of Avirt Soho.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ