Avirt Soho Server HTTP GET Buffer Overrun Vulnerability
BID:9722
Info
| Bugtraq ID: | 9722 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2004-0316 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 23 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery is credited to "Donato Ferrante" <[email protected]>. |
| Vulnerable: | Avirt SOHO 4.3 |
| Not Vulnerable: | |
Discussion
Avirt Soho is prone to a remotely exploitable buffer overrun when handling HTTP GET requests of excessive length via the embedded server component listening on TCP port 1080. This may crash the server or could allow remote attackers to execute arbitrary code in the context of the server process.
This issue was reported in Avirt Soho 4.3. Other versions may also be affected.
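The following C sketch is an added example, not Avirt's code and not part of the original advisory. It shows the kind of length checks a request-line parser needs so that a GET request of excessive length is rejected instead of being copied into a fixed buffer. The function name `parse_request_line` and the limits `MAX_REQUEST_LINE` and `MAX_TARGET` are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_REQUEST_LINE 4096  /* assumed cap on the whole request line */
#define MAX_TARGET       2048  /* assumed cap on the request target */
enum { REQ_OK = 0, REQ_BAD = 400, REQ_TOO_LONG = 414 };

/* Parse "GET SP target SP HTTP/x.y CRLF" from an untrusted buffer.
 * Reads at most `len` bytes of `data`; writes at most `target_cap` bytes
 * (terminator included) to `target`. Returns an HTTP-style status. */
int parse_request_line(const char *data, size_t len,
                       char *target, size_t target_cap)
{
    /* Search for the end of line only inside the permitted window. */
    size_t window = len < MAX_REQUEST_LINE ? len : MAX_REQUEST_LINE;
    const char *eol = memchr(data, '\n', window);
    if (eol == NULL)  /* no line end: over-long, or incomplete input */
        return len >= MAX_REQUEST_LINE ? REQ_TOO_LONG : REQ_BAD;

    size_t line_len = (size_t)(eol - data);
    if (line_len > 0 && data[line_len - 1] == '\r')
        line_len--;
    if (line_len < 5 || memcmp(data, "GET ", 4) != 0)
        return REQ_BAD;  /* this sketch accepts GET only */

    const char *start = data + 4;
    const char *sp = memchr(start, ' ', line_len - 4);
    if (sp == NULL || sp == start)
        return REQ_BAD;  /* missing target or missing version token */
    size_t rest = line_len - (size_t)(sp + 1 - data);
    if (rest < 5 || memcmp(sp + 1, "HTTP/", 5) != 0)
        return REQ_BAD;

    size_t target_len = (size_t)(sp - start);
    if (target_len > MAX_TARGET || target_len >= target_cap)
        return REQ_TOO_LONG;  /* check the length before any copy */
    memcpy(target, start, target_len);
    target[target_len] = '\0';
    return REQ_OK;
}

int main(void) {
    /* Constructed sample input, not taken from the advisory. */
    char t[64];
    const char *req = "GET /index.html HTTP/1.0\r\n";
    int rc = parse_request_line(req, strlen(req), t, sizeof t);
    printf("%d %s\n", rc, rc == REQ_OK ? t : "-");
    return 0;
}
```

A caller would answer `REQ_TOO_LONG` with a 414 response and close the connection, which also gives operators a loggable event for over-long GET requests.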
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
It has been reported that this issue will be addressed in the next release of the software. This has not been confirmed by Symantec.
---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Avirt Homepage (Avirt)
- Multiple Remote Buffer Overflow in Avirt Soho 4.3 ("Donato Ferrante")