[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : 602Pro Lan Suite Web Administration Overflow

Title: 602Pro Lan Suite Web Administration Overflow
Released by: Strumpf Noir Society
Date: 22nd November 2000
Printable version: Click here
Strumpf Noir Society Advisories

! Public release !

<--#



-= 602Pro Lan Suite Web Administration Overflow =-



Release date: Wednesday, November 22, 2000





Introduction:



Lan Suite is an cost-effective all-in-one application providing connection sharing, email and fax services for networks. It offers remote administration capabilities through an integrated HTTP-server.



602Pro Lan Suite can be found at vendor Software602's website, http://www.software602.com





Problem:



The remote administration component (webprox.dll) of this application is subject to a buffer overflow attack through a lengthy GET command. If this request contains 1059 bytes or more it will overflow a buffer and allow the execution of arbitrary code.





(..)





Solution:



Vendor was contacted and has verified the problem. A new build (2000.0.1.33) has been released through Software602's website. 602Pro Lan Suite 2000a build 2000.0.1.32 and earlier versions can be expected to be vulnerable. Users are encouraged to obtain the new version asap.





yadayadayada



SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)

compliant, all information is provided on AS IS basis.



EOF, but Strumpf Noir Society will return!








(C) 1999-2000 All rights reserved.