AOH :: Windows Apps :: HACK3267.HTM

AOH :: Windows Apps :: HACK3267.HTM
Avirt Voice 4.0 Remote Buffer Overflow

Remote Buffer Overflow in Avirt Voice 4.0 Donato Ferrante Application: Avirt Voice http://www.avirt.com/ Version: 4.0 Bug: Remote Buffer Overflow Author: Donato Ferrante e-mail: fdonato@autistici.org web: www.autistici.org/fdonato xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 1. Description 2. The bug 3. The code 4. The fix xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ---------------- 1. Description: ---------------- Vendor's Description: "Avirt Voice acts as an H.323 gateway between IP networks. It allows users to operate H.323 applications, like Microsoft NetMeeting, Intel Video Phone, or Netspeak Webphone, from behind a firewall. Because Voice is a software solution, it is more easily scalable and much less expensive than hardware alternatives." xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ------------ 2. The bug: ------------ The program doesn't well manage the received strings on the TCP port 1080. In fact it will have a buffer overflow. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ------------- 3. The code: ------------- To test the vulnerability simply send to the server ( port 1080 ) a string like: GET aaaa[ 1113 of a ]aaaa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ------------ 4. The fix: ------------ Vendor was contacted. Bug will be fixed in the next version of Avirt Voice. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.