                           Donato Ferrante


Application:  Avirt Soho
              http://www.avirt.com/

Version:      4.3

Bugs:         Multiple Remote Buffer Overflow

Author:       Donato Ferrante
              e-mail: fdonato@autistici.org
              web:    www.autistici.org/fdonato


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bugs
3. The code
4. The fix

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"Developed for the home or small office, Soho installs in minutes!
Its intuitive wizards and simple interface automate the setup process
and make maintenance a snap. Don't worry if you're new to networking
or Internet sharing - Avirt Soho does all the work!"

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
2. The bugs:
-------------

The program does not properly handle the strings it receives on
TCP ports [1] 1080 and [2] 8080, which results in a buffer overflow.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

[1]
To test the vulnerability, simply send the server (port 1080)
a string like:

   GET aaaa[ 1113 of a ]aaaa

[2]
To test the vulnerability on the web service, send the server
(port 8080) a string like:

   GET %%%%[ 2061 of % ]%%%% HTTP/1.1

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Vendor was contacted.
Bugs will be fixed in the next version of Avirt Soho.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
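
The following is an added example, not part of the original advisory and not Avirt's code: a request-line parser that checks each token's length before copying it, so that strings of the sizes given in section 3 are rejected rather than written past a fixed buffer. The limits MAX_METHOD and MAX_TARGET and all function and type names are assumptions chosen for illustration; the advisory does not state the product's internal buffer sizes.

```c
#include <stddef.h>
#include <string.h>

#define MAX_METHOD 8     /* assumed limit, not taken from Avirt Soho */
#define MAX_TARGET 1024  /* assumed limit, not taken from Avirt Soho */

enum parse_rc { REQ_OK = 0, REQ_MALFORMED = -1, REQ_TOO_LONG = -2 };

struct request {
    char method[MAX_METHOD + 1];
    char target[MAX_TARGET + 1];
};

/* Copy one space-delimited token from in[*pos..len) into dst (capacity cap,
 * including the NUL). The length is checked before any byte is copied. */
static enum parse_rc take_token(const char *in, size_t len, size_t *pos,
                                char *dst, size_t cap)
{
    size_t start = *pos, n;

    while (*pos < len && in[*pos] != ' ' && in[*pos] != '\r' && in[*pos] != '\n')
        (*pos)++;
    n = *pos - start;
    if (n == 0)
        return REQ_MALFORMED;
    if (n >= cap)
        return REQ_TOO_LONG;   /* reject instead of truncating or overflowing */
    memcpy(dst, in + start, n);
    dst[n] = '\0';
    return REQ_OK;
}

/* Parse "METHOD SP TARGET [SP VERSION]" from a received buffer of len bytes.
 * The input need not be NUL-terminated. */
enum parse_rc parse_request_line(const char *in, size_t len, struct request *req)
{
    size_t pos = 0;
    enum parse_rc rc;

    if ((rc = take_token(in, len, &pos, req->method, sizeof req->method)) != REQ_OK)
        return rc;
    if (pos >= len || in[pos] != ' ')
        return REQ_MALFORMED;
    pos++;
    return take_token(in, len, &pos, req->target, sizeof req->target);
}
```

A caller that receives REQ_TOO_LONG should answer with an error and close the connection; it should not continue with a truncated target.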