-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetChat HTTP Server Stack Overflow

RELEASE DATE:  May 16, 2004

DATE REPORTED:  May 12, 2004

RISK:    Medium

IMPACT:    Attackers may be able to execute
    arbitrary code with the privileges
    of the user running the applicaton.

VERSIONS:  <= 7.3

OVERVIEW:

  NetChat is an application intended to allow users on the same
  subnet to chat with one another.  It comes with an integrated
  web server for sharing files.  The web server in versions
  7.3 and earlier is vulnerable to a stack-based buffer overflow
  allowing for arbitrary code execution under the security
         context of the user running the application.

DETAILS:

  The overflow condition exists due to an unchecked call to
         _sprintf   when the HTTP server attempts to handle a GET
         request.  This allows the attacker to overwrite a pointer
         that is later referenced in the same function.

VENDOR STATUS:

  The vendor has released version 7.4 to address this
         vulnerability.

CREDIT:
  Discovery:     Marius Huse Jacobsen
           Email: mahuja@c2i.net
  Research/Exploit:   David Dewey
        Email: dbd@hushmail.com

THANKS:  skape - for your help with my questions on shellcode and
                 great help with the additional analysis.

RELATED LINKS:

  http://run.to/sz

FEEDBACK:

  Please send questions and comments to dbd@hushmail.com
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkCoIicACgkQ2oHGriYB1OlDFACeMiQQkVF5B1lDJybzUYiHo5fvRLoA
n3m3HC9QHp4EzCaP7Sudq/2FNBRR
=w/9d
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427