EFS Software Easy Chat Server Authentication Request Handling Remote Buffer Overflow Vulnerability
BID:25328
Info
EFS Software Easy Chat Server Authentication Request Handling Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 25328 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-2466 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 14 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | NetJackal |
| Vulnerable: |
Efssoft Easy Chat Server 2.5 Efssoft Easy Chat Server 2.2 |
| Not Vulnerable: | |
Discussion
EFS Software Easy Chat Server Authentication Request Handling Remote Buffer Overflow Vulnerability
Easy Chat Server is prone to a remote buffer-overflow vulnerability.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Easy Chat Server 2.2 is reported vulnerable; other versions may also be affected.
Easy Chat Server is prone to a remote buffer-overflow vulnerability.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Easy Chat Server 2.2 is reported vulnerable; other versions may also be affected.
Exploit / POC
EFS Software Easy Chat Server Authentication Request Handling Remote Buffer Overflow Vulnerability
Attackers can use a browser to exploit this issue.
A proof of concept and exploits are available:
Attackers can use a browser to exploit this issue.
A proof of concept and exploits are available:
- /data/vulnerabilities/exploits/25328-3.pl
- /data/vulnerabilities/exploits/easychat_dos.txt
- /data/vulnerabilities/exploits/25328.py
- /data/vulnerabilities/exploits/25328-Dr4sH.pl
- /data/vulnerabilities/exploits/25328.rb
- /data/vulnerabilities/exploits/25328-2.rb
- /data/vulnerabilities/exploits/25328_1.py
- /data/vulnerabilities/exploits/25328-3.pl
Solution / Fix
EFS Software Easy Chat Server Authentication Request Handling Remote Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
EFS Software Easy Chat Server Authentication Request Handling Remote Buffer Overflow Vulnerability
References:
References:
- Easy Chat Software Home Page (EFS Software)