PT-2010-1470 · Bigant · Bigant Server
Blake
+1
·
Published
2010-03-03
·
Updated
2017-09-19
·
CVE-2009-4660
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
BigAnt IM Server version 2.50
Description
The issue is a stack-based buffer overflow in the AntServer Module, allowing remote attackers to execute arbitrary code. This can be achieved by sending a long GET request to the "TCP port 6660" endpoint.
Recommendations
For BigAnt IM Server version 2.50, consider restricting access to the AntServer Module until a patch is available. As a temporary workaround, limit the length of GET requests to TCP port 6660 to prevent exploitation.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bigant Server