Home page logo

bugtraq logo Bugtraq mailing list archives

Foundstone Advisory - Buffer Overflow in AnalogX SimpleServer:Shout (fwd)
From: Dave Ahmad <da () securityfocus com>
Date: Wed, 26 Jun 2002 15:15:48 -0600 (MDT)

Dave Ahmad

---------- Forwarded message ----------
Return-Path: <labs () foundstone com>
Delivered-To: da () securityfocus com
Received: (qmail 7641 invoked from network); 26 Jun 2002 21:07:49 -0000
Received: from unknown (HELO mission.foundstone.com) (
  by mail.securityfocus.com with SMTP; 26 Jun 2002 21:07:49 -0000
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable
Subject: Foundstone Advisory - Buffer Overflow in AnalogX SimpleServer:Shout
Date: Wed, 26 Jun 2002 14:12:35 -0700
Message-ID: <9DC8A3D37E31E043BD516142594BDDFAC47556 () MISSION foundstone com>
Thread-Topic: Foundstone Advisory - Buffer Overflow in AnalogX
Thread-Index: AcIcmwywcmq21NfgTGGmQti1qTYfMAAux8jA
From: "Foundstone Labs" <labs () foundstone com>
To: <da () securityfocus com>

FS Advisory ID:                 FS-062502-22-AXSH

Release Date:                   June 25, 2002

Product:                        AnalogX SimpleServer:Shout

Vendor:                         AnalogX (http://www.analogx.com)

Vendor Advisory:                See vendor web site

Type:                           Buffer Overflow

Severity:                       High

Author:                         Robin Keir (robin.keir () foundstone com)
                                Foundstone, Inc.

Operating Systems:              Windows variants

Vulnerable versions:            SimpleServer:Shout v1.0

Foundstone Advisory:            http://www.foundstone.com/advisories.htm


A buffer overflow exists in AnalogX's SimpleServer:Shout software.
Exploitation of this vulnerability allows remote execution of arbitrary
code with the privileges of the Shout daemon (default is SYSTEM).


Sending a fake request to the target system on TCP port 8001 consisting
of a packet of 348 or more non-space characters followed by 2 carriage
return linefeeds causes a write access violation in the application.
Manually dismissing the application error message box that is displayed
on the affected system at this point will terminate the process. If the
message box is not manually dismissed,, repeated sending of the request
causes repeated access violation message boxes to appear on the affected
system to the point where the service no longer responds.

Different number of bytes sent cause different error conditions to
occur, such as write access violations and Watcom memory error dialogs
to appear.


Refer to the vendor's web site for further details:


Foundstone would like to thank AnalogX for their prompt response and
handling of this problem.


The information contained in this advisory is copyright (c) 2002
Foundstone, Inc. and is believed to be accurate at the time of
publishing, but no representation of any warranty is given, express, or
implied as to its accuracy or completeness. In no event shall the author
or Foundstone be liable for any direct, indirect, incidental, special,
exemplary or consequential damages resulting from the use or misuse of
this information.  This advisory may be redistributed, provided that no
fee is assigned and that the advisory is not modified in any way.

  By Date           By Thread  

Current thread:
  • Foundstone Advisory - Buffer Overflow in AnalogX SimpleServer:Shout (fwd) Dave Ahmad (Jun 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]