Easy Chat Server Authentication Request Buffer Overflow

2009-08-03T00:00:00
ID SAINT:1DEF8D56F7AF356336C4264808FD30BF
Type saint
Reporter SAINT Corporation
Modified 2009-08-03T00:00:00

Description

Added: 08/03/2009

Background

Easy Chat Server is a web-based chat server for Microsoft Windows.

Problem

The server is vulnerable to a remote buffer overflow that can be triggered by sending a specially crafted **password** parameter to **chat.ghp**.

Resolution

Easy Chat Server 2.2 and earlier are vulnerable. Contact the vendor at support@echatserver.com for information on when a fix will be available.
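A log check for the request described under Problem, as an added example that is not part of the original advisory: it flags requests to chat.ghp whose password parameter is unusually long. The Common Log Format input, the 64-character threshold, the `username` field and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the advisory gives no length, so this threshold is illustrative.
MAX_PASSWORD_LEN = 64

# Client address and request target from a Common Log Format line (assumed format).
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_requests(lines, limit=MAX_PASSWORD_LEN):
    """Return (client, decoded_length) for chat.ghp requests with an overlong password."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group("target"))
        # Compare case-insensitively: Windows paths are not case-sensitive.
        if url.path.rsplit("/", 1)[-1].lower() != "chat.ghp":
            continue
        # parse_qsl percent-decodes names and values, so "%41%41..." is
        # measured at its decoded length and "Password" still matches.
        for name, value in parse_qsl(url.query, keep_blank_values=True,
                                     encoding="latin-1"):
            if name.lower() == "password" and len(value) > limit:
                hits.append((m.group("client"), len(value)))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Aug/2009:10:00:00 +0000] '
    '"GET /chat.ghp?username=alice&password=hunter2 HTTP/1.1" 200 512',
    '192.0.2.66 - - [03/Aug/2009:10:00:05 +0000] '
    '"GET /chat.ghp?username=bob&password=' + "A" * 300 + ' HTTP/1.1" 200 0',
    '192.0.2.67 - - [03/Aug/2009:10:00:09 +0000] '
    '"GET /CHAT.GHP?username=c&Password=' + "%41" * 200 + ' HTTP/1.0" 200 0',
    '192.0.2.11 - - [03/Aug/2009:10:00:12 +0000] '
    '"GET /index.htm?password=' + "B" * 300 + ' HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for client, length in suspicious_requests(SAMPLE_LOG):
        print(f"{client}: password parameter of {length} characters sent to chat.ghp")
```

Parameters sent in a request body do not appear in an access log, so this check covers only requests whose query string is logged.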

References

<http://milw0rm.com/exploits/8142>
<http://securitytracker.com/alerts/2009/Mar/1021785.html>

Limitations

The exploit works on Easy Chat Server 2.2 on Windows 2000 and Windows 2003.

Platforms

Windows