[12850] in bugtraq
CommuniGatePro 3.1 for NT DoS
daemon@ATHENA.MIT.EDU (Nobuo Miwa)
Fri Dec 3 20:43:30 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <199912031226.EIB28426.XOB-NJ@lac.co.jp>
Date: Fri, 3 Dec 1999 12:26:07 -0500
Reply-To: Nobuo Miwa <n-miwa@LAC.CO.JP>
From: Nobuo Miwa <n-miwa@LAC.CO.JP>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Hi,
I reported a buffer overflow vulnerability on CommuniGatePro 3.1 for NT
to support@stalker.com. And they fixed immediately.
It's simple buffer overflow, actually.
1. connect to port 8010 (http configuration from remote browser)
2. send 70000 of 'a' + "\r\n"
3. connect to any port(25,8010,..) just like "telnet server 25"
4. Access violation
Their reply is following..
Fixed in the current 3.2 betas. Please install either the 3.2b5 or the
3.2b7 that should be out by Monday - 3.2b6 had many internal changes
and a couple of bugs have been found there.
<Nobuo Miwa> n-miwa@lac.co.jp ( @ @ ) http://www.lac.co.jp/security/
--------------------------o00o--(. .)--o00o--------------------------
