
                             Luigi Auriemma

Application:  Foxit Remote Access Server (WAC Server)
Versions:     <= 2.0 Build 3503
Platforms:    Windows
Bugs:         A] telnet option heap overflow
              B] SSH packet heap overflow
Exploitation: remote
Date:         16 Feb 2008
Author:       Luigi Auriemma
              e-mail: [EMAIL PROTECTED]
              web:    aluigi.org


1) Introduction
2) Bugs
3) The Code
4) Fix


1) Introduction

WAC is a commercial SSH/telnet server for Windows.


2) Bugs

A] telnet option heap overflow

The WAC server is vulnerable to a heap overflow, exploitable through
the use of telnet options longer than 260 bytes.

Note: this bug was wrongly reported by me as a crash and with a wrong
server version one month ago.
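
Added example (not part of the original advisory, and not WAC Server
code): a telnet subnegotiation reader in C that checks the payload
length before every write, which is the kind of bound that stops the
overflow described in A]. It assumes the options arrive as RFC 854/855
subnegotiations (IAC SB ... IAC SE) and a 260-byte buffer taken from
the advisory's threshold; read_suboption, classify and OPT_MAX are
hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IAC 255      /* telnet "interpret as command" (RFC 854) */
#define SB  250      /* subnegotiation begin */
#define SE  240      /* subnegotiation end */
#define OPT_MAX 260  /* assumed buffer size, taken from the advisory's threshold */

enum { OPT_OK = 0, OPT_TOO_LONG = -1, OPT_TRUNCATED = -2, OPT_MALFORMED = -3 };

/* Copy the payload of one "IAC SB <opt> ... IAC SE" block into out[cap].
 * The length is checked before every write, so an oversized option is
 * rejected instead of being written past the end of the buffer. */
int read_suboption(const uint8_t *in, size_t inlen,
                   uint8_t *out, size_t cap, size_t *outlen)
{
    size_t i = 3, n = 0;
    if (inlen < 3) return OPT_TRUNCATED;
    if (in[0] != IAC || in[1] != SB) return OPT_MALFORMED;
    while (i < inlen) {
        uint8_t b = in[i++];
        if (b == IAC) {
            if (i >= inlen) return OPT_TRUNCATED;
            if (in[i] == SE) { *outlen = n; return OPT_OK; }
            if (in[i] != IAC) return OPT_MALFORMED;
            i++;                           /* IAC IAC = one escaped 0xFF data byte */
        }
        if (n >= cap) return OPT_TOO_LONG; /* bound check before the write */
        out[n++] = b;
    }
    return OPT_TRUNCATED;                  /* no IAC SE seen yet */
}

/* Constructed sample: a subnegotiation carrying payload_len filler bytes. */
int classify(size_t payload_len)
{
    uint8_t msg[1024], out[OPT_MAX];
    size_t n = 0, got = 0;
    if (payload_len > sizeof msg - 5) return OPT_MALFORMED;
    msg[n++] = IAC; msg[n++] = SB; msg[n++] = 24;  /* 24: arbitrary option code */
    memset(msg + n, 'x', payload_len); n += payload_len;
    msg[n++] = IAC; msg[n++] = SE;
    return read_suboption(msg, n, out, sizeof out, &got);
}

int main(void) { return classify(260) == OPT_OK && classify(261) == OPT_TOO_LONG ? 0 : 1; }
```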

B] SSH packet heap overflow

The server is also affected by another heap overflow, exploitable
through big SSH packets; no deeper research has been performed on this
vulnerability.


3) The Code



4) Fix

No fix


Luigi Auriemma

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
