Lan Suite is a cost-effective all-in-one application providing connection sharing, email and fax services for networks. It offers remote administration capabilities through an integrated HTTP-server. A security vulnerability in the product allows remote attackers to overflow an internal buffer by sending a large GET request, and possibly exploit this to execute arbitrary code on the machine.
Credit:
The information has been provided by SNS Research.
Vulnerable systems:
602Pro Lan Suite 2000a build 2000.0.1.32 and prior
Immune systems:
602Pro Lan Suite 2000.0.1.33
The remote administration component (webprox.dll) of 602Pro Lan Suite is subject to a buffer overflow attack through a large GET command. Sending a request containing 1059 bytes or more will cause a buffer overflow condition and allow the execution of arbitrary code.
Solution:
A new build (2000.0.1.33) has been released through Software602's website.
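
For servers that parse a GET request line into a fixed-size buffer, as the remote administration component described above does, the length has to be measured and rejected before any copy takes place. The following is an added example, not Software602's code and not part of the original advisory; `MAX_TARGET`, `parse_get_target` and the status enum are assumptions, since the advisory gives only the 1059-byte trigger size.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit for this sketch: the advisory gives only the 1059-byte
   trigger size, not the real buffer size inside webprox.dll. */
#define MAX_TARGET 1024
enum parse_status { PARSE_OK = 200, PARSE_BAD_REQUEST = 400, PARSE_URI_TOO_LONG = 414 };

/* Extract the target of "GET <target> HTTP/1.x\r\n" into out (out_size bytes).
   req holds req_len received bytes and need not be NUL-terminated. */
enum parse_status parse_get_target(const char *req, size_t req_len,
                                   char *out, size_t out_size)
{
    static const char method[] = "GET ";
    const size_t mlen = sizeof method - 1;
    const char *start;
    size_t avail, n = 0;

    if (out == NULL || out_size == 0)
        return PARSE_BAD_REQUEST;
    out[0] = '\0';                       /* never leave stale data on failure */
    if (req == NULL || req_len < mlen || memcmp(req, method, mlen) != 0)
        return PARSE_BAD_REQUEST;
    start = req + mlen;
    avail = req_len - mlen;
    /* Measure first, bounded by the bytes actually received. */
    while (n < avail && start[n] != ' ' && start[n] != '\r' && start[n] != '\n')
        n++;

    if (n >= out_size)                   /* needs n bytes plus the terminator */
        return PARSE_URI_TOO_LONG;       /* reject; do not truncate or copy */
    if (n == 0 || n == avail)            /* empty target or unterminated line */
        return PARSE_BAD_REQUEST;
    if (memchr(start, '\0', n) != NULL)  /* embedded NUL would hide the tail */
        return PARSE_BAD_REQUEST;
    memcpy(out, start, n);
    out[n] = '\0';
    return PARSE_OK;
}

int main(void)
{
    const char req[] = "GET /admin/index.html HTTP/1.0\r\n"; /* constructed sample */
    char target[MAX_TARGET];
    int st = parse_get_target(req, sizeof req - 1, target, sizeof target);
    printf("%d %s\n", st, target);
    return 0;
}
```

Oversized requests are refused with a 414-style status rather than truncated, so a caller can log the rejection and close the connection.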