Foundstone Advisory - Buffer Overflow in AnalogX SimpleServer:Shout

Type securityvulns
Reporter Securityvulns
Modified 2002-06-28T00:00:00


FS Advisory ID: FS-062502-22-AXSH

Release Date: June 25, 2002

Product: AnalogX SimpleServer:Shout

Vendor: AnalogX (

Vendor Advisory: See vendor web site

Type: Buffer Overflow

Severity: High

Author: Robin Keir ( Foundstone, Inc. (

Operating Systems: Windows variants

Vulnerable versions: SimpleServer:Shout v1.0

Foundstone Advisory:


A buffer overflow exists in AnalogX's SimpleServer:Shout software. Exploitation of this vulnerability allows remote execution of arbitrary code with the privileges of the Shout daemon (default is SYSTEM).


Sending a fake request to the target system on TCP port 8001 consisting of a packet of 348 or more non-space characters followed by 2 carriage return linefeeds causes a write access violation in the application. Manually dismissing the application error message box that is displayed on the affected system at this point will terminate the process. If the message box is not manually dismissed,, repeated sending of the request causes repeated access violation message boxes to appear on the affected system to the point where the service no longer responds.

Different number of bytes sent cause different error conditions to occur, such as write access violations and Watcom memory error dialogs to appear.


Refer to the vendor's web site for further details:


Foundstone would like to thank AnalogX for their prompt response and handling of this problem.


The information contained in this advisory is copyright (c) 2002 Foundstone, Inc. and is believed to be accurate at the time of publishing, but no representation of any warranty is given, express, or implied as to its accuracy or completeness. In no event shall the author or Foundstone be liable for any direct, indirect, incidental, special, exemplary or consequential damages resulting from the use or misuse of this information. This advisory may be redistributed, provided that no fee is assigned and that the advisory is not modified in any way.