Application: Foxit Remote Access Server (WAC Server) http://www.foxitsoft.com/wac/server_intro.php Versions: <= 2.0 Build 3503 Platforms: Windows Bugs: A] telnet option heap overflow B] SSH packet heap overflow Exploitation: remote Date: 16 Feb 2008 Author: Luigi Auriemma e-mail: email@example.com web: aluigi.org
1) Introduction 2) Bugs 3) The Code 4) Fix
=============== 1) Introduction ===============
WAC is a commercial SSH/telnet server for Windows.
======= 2) Bugs =======
The WAC server is vulnerable to a heap overflow exploitable through the usage of options longer than 260 bytes.
Note: this bug was wrongly reported by me as a crash and with a wrong server version one month ago.
The server is affected also by another heap overflow exploitable through big SSH packets, anyway no deeper research has been performed on this vulnerability.
=========== 3) The Code ===========
====== 4) Fix ======
Luigi Auriemma http://aluigi.org