SecurityTracker.com Archives - Avirt SOHO Contains Remote Buffer Overflow Vulnerabilities

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Avirt SOHO/Gateway

Vendors: Inari, Inc.

Avirt SOHO Contains Remote Buffer Overflow Vulnerabilities

SecurityTracker Alert ID: 1009189

CVE Reference: CAN-2004-0316 (Links to External Site)

Updated: Mar 23 2004

Original Entry Date: Feb 24 2004

Impact: Denial of service via network, Execution of arbitrary code via network, User access via network

Exploit Included: Yes Vendor Confirmed: Yes

Version(s): 4.3

Description: Some buffer overflow vulnerabilities were reported in Avirt SOHO. A remote user may be able to cause the SOHO services to crash or potentially execute arbitrary code.

Donato Ferrante reported that a remote user can send a specially crafted request to the target system on TCP port 1080 or 8080 to trigger a buffer overflow.

Some demonstration exploit requests are provided:

GET aaaa[ 1113 of a ]aaaa

GET %%%%[ 2061 of % ]%%%% HTTP/1.1

Impact: A remote user may be able to cause the SOHO services to crash or potentially execute arbitrary code [however, the report did not disclose the specific impact].

Solution: No solution was available at the time of this entry. The vendor reportedly plans to issue a fix as part of the next version of the product.

Vendor URL: www.avirt.com/products/soho.html (Links to External Site)

Cause: Boundary error

Underlying OS: Windows (Any)

Reported By: "Donato Ferrante" <fdonato@autistici.org>

Message History: None.

Source Message Contents

Date: Mon, 23 Feb 2004 09:08:51 -0000
From: "Donato Ferrante" <fdonato@autistici.org>
Subject: Multiple Remote Buffer Overflow in Avirt Soho 4.3

 

                           Donato Ferrante


Application:  Avirt Soho
              http://www.avirt.com/

Version:      4.3

Bugs:         Multiple Remote Buffer Overflow

Author:       Donato Ferrante
              e-mail: fdonato@autistici.org
              web:    www.autistici.org/fdonato



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bugs
3. The code
4. The fix



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"Developed for the home or small office, Soho installs in minutes!
Its intuitive wizards and simple interface automate the setup process
and make maintenance a snap. Don't worry if you're new to networking
or Internet sharing - Avirt Soho does all the work!"



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
2. The bugs:
-------------

The program doesn't well manage the received strings on the TCP ports:
[1] 1080 and [2] 8080. In fact it will have a buffer overflow.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

[1]

To test the vulnerability simply send to the server ( port 1080 ) a
string like:

GET aaaa[ 1113 of a ]aaaa


[2]

To test the vulnerability on the web service send to the server
( port 8080 ) a string like:

GET %%%%[ 2061 of % ]%%%% HTTP/1.1



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Vendor was contacted.
Bugs will be fixed in the next version of Avirt Soho.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2004, SecurityGlobal.net LLC