mailing list archives
602Pro Lan Suite Web Admin Overflow
From: SNS Research <vuln-dev () greyhack com>
Date: Wed, 22 Nov 2000 20:22:05 +0100
Strumpf Noir Society Advisories
! Public release !
-= 602Pro Lan Suite Web Administration Overflow =-
Release date: Wednesday, November 22, 2000
Lan Suite is an cost-effective all-in-one application providing connection sharing, email and fax services for
networks. It offers remote administration capabilities through an integrated HTTP-server.
602Pro Lan Suite can be found at vendor Software602's website, http://www.software602.com
The remote administration component (webprox.dll) of this application is subject to a buffer overflow attack through a
lengthy GET command. If this request contains 1059 bytes or more it will overflow a buffer and allow the execution of
Vendor was contacted and has verified the problem. A new build (2000.0.1.33) has been released through Software602's
website. 602Pro Lan Suite 2000a build 2000.0.1.32 and earlier versions can be expected to be vulnerable. Users are
encouraged to obtain the new version asap.
SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.
EOF, but Strumpf Noir Society will return!
- 602Pro Lan Suite Web Admin Overflow SNS Research (Nov 24)