Remote Buffer Overflow in Avirt Voice 4.0
Donato Ferrante
Application: Avirt Voice
http://www.avirt.com/
Version: 4.0
Bug: Remote Buffer Overflow
Author: Donato Ferrante
e-mail: fdonato@xxxxxxxxxxxxx
web: www.autistici.org/fdonato
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
1. Description
2. The bug
3. The code
4. The fix
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
----------------
1. Description:
----------------
Vendor's Description:
"Avirt Voice acts as an H.323 gateway between IP networks. It allows
users to operate H.323 applications, like Microsoft NetMeeting, Intel
Video Phone, or Netspeak Webphone, from behind a firewall.
Because Voice is a software solution, it is more easily scalable and
much less expensive than hardware alternatives."
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
2. The bug:
------------
The program doesn't well manage the received strings on the TCP port
1080. In fact it will have a buffer overflow.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-------------
3. The code:
-------------
To test the vulnerability simply send to the server ( port 1080 ) a
string like:
GET aaaa[ 1113 of a ]aaaa
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
4. The fix:
------------
Vendor was contacted.
Bug will be fixed in the next version of Avirt Voice.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx