NetChat HTTP Server Stack Overflow

RELEASE DATE: May 16, 2004
DATE REPORTED: May 12, 2004
RISK: Medium
IMPACT: Attackers may be able to execute arbitrary code with the privileges of the user running the application.
VERSIONS: <= 7.3

OVERVIEW:
NetChat is an application intended to allow users on the same subnet to chat with one another. It comes with an integrated web server for sharing files. The web server in versions 7.3 and earlier is vulnerable to a stack-based buffer overflow allowing for arbitrary code execution under the security context of the user running the application.

DETAILS:
The overflow condition exists due to an unchecked call to _sprintf when the HTTP server attempts to handle a GET request. This allows the attacker to overwrite a pointer that is later referenced in the same function.

VENDOR STATUS:
The vendor has released version 7.4 to address this vulnerability.

CREDIT:
Discovery: Marius Huse Jacobsen
Email: mahuja@c2i.net
Research/Exploit: David Dewey
Email: dbd@hushmail.com

THANKS:
skape - for your help with my questions on shellcode and great help with the additional analysis.

RELATED LINKS:
http://run.to/sz

FEEDBACK:
Please send questions and comments to dbd@hushmail.com
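
The class of flaw described under DETAILS, with a bounded replacement, as an added example that is not NetChat's code or the advisory authors' code. The buffer size, DOC_ROOT, and the function names build_path and status_for_len are assumptions made for illustration; the advisory gives no source.

```c
#include <stdio.h>
#include <string.h>

#define DOC_ROOT "/srv/share"  /* hypothetical share directory */
#define PATH_BUF 260           /* hypothetical stack buffer size */

/* Flawed pattern of the kind the advisory describes (shown, not compiled):
 *     char path[PATH_BUF];
 *     sprintf(path, "%s%s", DOC_ROOT, uri);    no length check on uri
 * A long URI writes past path[] into neighbouring stack data. */

/* Bounded version. Returns 200 (path built), 400 (malformed), 414 (too long). */
int build_path(const char *request_line, char *out, size_t outlen)
{
    const char *uri, *end;
    int n;

    if (outlen == 0 || strncmp(request_line, "GET ", 4) != 0)
        return 400;
    uri = request_line + 4;
    end = uri + strcspn(uri, " \r\n");
    if (*uri != '/')
        return 400;
    if ((size_t)(end - uri) >= outlen)      /* also keeps the int cast safe */
        return 414;
    /* snprintf writes at most outlen bytes and returns the length it
     * needed, so truncation is detected and refused, not served. */
    n = snprintf(out, outlen, "%s%.*s", DOC_ROOT, (int)(end - uri), uri);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return 414;
    }
    return 200;
}

/* Constructed request: "GET /" + n filler bytes + " HTTP/1.0". */
int status_for_len(size_t n)
{
    static char req[4096];
    char path[PATH_BUF];

    if (n > sizeof req - 32) n = sizeof req - 32;
    memcpy(req, "GET /", 5);
    memset(req + 5, 'A', n);
    strcpy(req + 5 + n, " HTTP/1.0\r\n");
    return build_path(req, path, sizeof path);
}

int main(void) { printf("%d %d\n", status_for_len(16), status_for_len(3000)); return 0; }
```

Rejecting the over-long request with 414 rather than serving a truncated path avoids mapping an oversized URI onto a different file.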