AnalogX SimpleServer:Shout Invalid Request Overflow

2002-06-13T00:00:00
ID OSVDB:3782
Type osvdb
Reporter OSVDB
Modified 2002-06-13T00:00:00

Description

Vulnerability Description

AnalogX SimpleServer:Shout contains a flaw that allows a remote attacker to execute arbitrary code on a vulnerable system. The issue is due to improper sanity checking on incoming traffic. If an attacker sends a packet with 348 or more non-space characters followed by 2 carriage returns, they can crash the application.

Solution Description

Upgrade to version 1.02 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.analogx.com/contents/download/network/ssshout.htm
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2002-06/0338.html
ISS X-Force ID: 9427
CVE-2002-1000
Bugtraq ID: 5104