Avirt Voice HTTP GET Remote Buffer Overrun Vulnerability
BID:9721
Info
Avirt Voice HTTP GET Remote Buffer Overrun Vulnerability
| Bugtraq ID: | 9721 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-0315 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 23 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery is credited to "Donato Ferrante" <[email protected]>. |
| Vulnerable: |
Avirt Voice 4.0 |
| Not Vulnerable: | |
Discussion
Avirt Voice HTTP GET Remote Buffer Overrun Vulnerability
Avirt Voice is prone to a remotely exploitable buffer overrun when handling HTTP GET requests of excessive length via the embedded server component listening on TCP port 1080. This may crash the server or could allow for remote attackers to execute arbitrary code in the context of the server process.
This issue was reported in Avirt Voice 4.0. Other versions may also be affected.
Avirt Voice is prone to a remotely exploitable buffer overrun when handling HTTP GET requests of excessive length via the embedded server component listening on TCP port 1080. This may crash the server or could allow for remote attackers to execute arbitrary code in the context of the server process.
This issue was reported in Avirt Voice 4.0. Other versions may also be affected.
Exploit / POC
Avirt Voice HTTP GET Remote Buffer Overrun Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Avirt Voice HTTP GET Remote Buffer Overrun Vulnerability
Solution:
It has been reported that this issue will be addressed in the next release of the software. This has not been confirmed by Symantec.
---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It has been reported that this issue will be addressed in the next release of the software. This has not been confirmed by Symantec.
---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Avirt Voice HTTP GET Remote Buffer Overrun Vulnerability
References:
References:
- Avirt Homepage (Avirt)
- Remote Buffer Overflow in Avirt Voice 4.0 ("Donato Ferrante"