Bugtraq: NetChat HTTP Server Stack Overflow

NetChat HTTP Server Stack Overflow

From: <dbd_at_hushmail.com>
Date: Sun, 16 May 2004 19:17:14 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetChat HTTP Server Stack Overflow

RELEASE DATE: May 16, 2004

DATE REPORTED: May 12, 2004

RISK: Medium

IMPACT: Attackers may be able to execute
                arbitrary code with the privileges
                of the user running the application.

VERSIONS: <= 7.3

OVERVIEW:

        NetChat is an application intended to allow users on the same
        subnet to chat with one another. It comes with an integrated
        web server for sharing files. The web server in versions
        7.3 and earlier is vulnerable to a stack-based buffer overflow
        allowing for arbitrary code execution under the security
        context of the user running the application.

DETAILS:

        The overflow condition exists due to an unchecked call to
        _sprintf when the HTTP server attempts to handle a GET
        request. This allows the attacker to overwrite a pointer
        that is later referenced in the same function.

VENDOR STATUS:

        The vendor has released version 7.4 to address this
        vulnerability.

CREDIT:
        Discovery: Marius Huse Jacobsen
                             Email: mahuja_at_c2i.net
        Research/Exploit: David Dewey
                          Email: dbd_at_hushmail.com

THANKS: skape - for your help with my questions on shellcode and
                 great help with the additional analysis.

RELATED LINKS:

        http://run.to/sz

FEEDBACK:

        Please send questions and comments to dbd_at_hushmail.com
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkCoIicACgkQ2oHGriYB1OlDFACeMiQQkVF5B1lDJybzUYiHo5fvRLoA
n3m3HC9QHp4EzCaP7Sudq/2FNBRR
=w/9d
-----END PGP SIGNATURE-----

Received on May 17 2004
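
The bug class described under DETAILS (an unchecked sprintf on GET request data into a stack buffer) beside a bounded replacement, as an added example that is not from the advisory or from NetChat's code. The names handle_get, DOC_ROOT and PATH_BUF and the format string are assumptions, since the advisory does not show the vulnerable call.

```c
#include <stdio.h>
#include <string.h>

#define DOC_ROOT "/srv/share"   /* hypothetical document root */
#define PATH_BUF 64             /* hypothetical fixed stack buffer size */

/* Hypothetical GET handler. Returns an HTTP status: 200 when the path was
 * built, 400 for a malformed request line, 414 when the URI does not fit. */
int handle_get(const char *request_line, char *out, size_t out_len)
{
    char path[PATH_BUF];
    const char *uri, *end;
    int n;

    if (strncmp(request_line, "GET ", 4) != 0)
        return 400;
    uri = request_line + 4;
    end = strchr(uri, ' ');     /* URI ends at the space before HTTP/x.y */
    if (end == NULL || end == uri || uri[0] != '/')
        return 400;
    if ((size_t)(end - uri) >= sizeof path)
        return 414;             /* cheap early reject, keeps the int cast safe */

    /* Unchecked form of the bug class (do not use):
     *     sprintf(path, "%s%s", DOC_ROOT, uri);
     * sprintf does not know how large path is, so a long URI is written past
     * it and over whatever else the function keeps on the stack. */

    /* Bounded form: snprintf never writes more than sizeof path bytes and its
     * return value shows whether the full string would have fit. */
    n = snprintf(path, sizeof path, "%s%.*s", DOC_ROOT, (int)(end - uri), uri);
    if (n < 0 || (size_t)n >= sizeof path || (size_t)n >= out_len)
        return 414;             /* reject instead of silently truncating */
    memcpy(out, path, (size_t)n + 1);
    return 200;
}

int main(void)
{
    char out[PATH_BUF];
    char longreq[600] = "GET /";            /* constructed oversized request */
    memset(longreq + 5, 'A', 500);
    strcpy(longreq + 505, " HTTP/1.0");
    printf("%d\n", handle_get("GET /files/a.txt HTTP/1.0", out, sizeof out));
    printf("%d\n", handle_get(longreq, out, sizeof out));
    return 0;
}
```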