Multiple Remote Buffer Overflow in Avirt Soho 4.3

["Donato Ferrante" <fdonato () autistici org>]

                           Donato Ferrante


Application:  Avirt Soho
              http://www.avirt.com/

Version:      4.3

Bugs:         Multiple Remote Buffer Overflow

Author:       Donato Ferrante
              e-mail: fdonato () autistici org
              web:    www.autistici.org/fdonato



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bugs
3. The code
4. The fix



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"Developed for the home or small office, Soho installs in minutes!
Its intuitive wizards and simple interface automate the setup process
and make maintenance a snap. Don't worry if you're new to networking
or Internet sharing - Avirt Soho does all the work!"



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
2. The bugs:
-------------

The program doesn't well manage the received strings on the TCP ports:
[1] 1080 and [2] 8080. In fact it will have a buffer overflow.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

[1]

To test the vulnerability simply send to the server ( port 1080 ) a
string like:

GET aaaa[ 1113 of a ]aaaa


[2]

To test the vulnerability on the web service send to the server
( port 8080 ) a string like:

GET %%%%[ 2061 of % ]%%%% HTTP/1.1



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Vendor was contacted.
Bugs will be fixed in the next version of Avirt Soho.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx