Donato Ferrante Application: Avirt Voice http://www.avirt.com/ Version: 4.0 Bug: Remote Buffer Overflow Author: Donato Ferrante e-mail: fdonato@autistici.org web: www.autistici.org/fdonato xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 1. Description 2. The bug 3. The code 4. The fix xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ---------------- 1. Description: ---------------- Vendor's Description: "Avirt Voice acts as an H.323 gateway between IP networks. It allows users to operate H.323 applications, like Microsoft NetMeeting, Intel Video Phone, or Netspeak Webphone, from behind a firewall. Because Voice is a software solution, it is more easily scalable and much less expensive than hardware alternatives." xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ------------ 2. The bug: ------------ The program doesn't well manage the received strings on the TCP port 1080. In fact it will have a buffer overflow. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ------------- 3. The code: ------------- To test the vulnerability simply send to the server ( port 1080 ) a string like: GET aaaa[ 1113 of a ]aaaa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ------------ 4. The fix: ------------ Vendor was contacted. Bug will be fixed in the next version of Avirt Voice. xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx