BigAnt Messenger AntServer Module HTTP Request Buffer Overflow - Security


Editor Login \| Register		Ekle

> World > Security

BigAnt Messenger AntServer Module HTTP Request Buffer Overflow - Security - World -

CWRedLight

(Date : 16.04.2008 21:59:06)

BigAnt Messenger AntServer Module HTTP Request Buffer Overflow

Secunia Advisory:	SA29831
Release Date:	2008-04-16

Critical:	Highly critical
Impact:	System access
Where:	From remote
Solution Status:	Unpatched

Software:	BigAnt Messenger 2.x

Description:
Matteo Memelli has discovered a vulnerability in BigAnt Messenger, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the AntServer Module (AntServer.exe) and can be exploited to cause a stack-based buffer overflow e.g. by sending a specially crafted, overly long HTTP GET request to default port 6080/TCP.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 2.2. Other versions may also be affected.

Solution:
Restrict network access to the AntServer Module.

Provided and/or discovered by:
Matteo Memelli

Original Advisory:
http://milw0rm.com/exploits/5451

Derecelendir

Kaynak

http://secunia.com/advisories/29831/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project

AUP&TOS