Summary
The host is running ActiveFax RAW Server and is prone to multiple buffer overflow vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause a denial of service.
Impact Level: Application
Solution
Upgrade to ActiveFax 5.01 beta or later.
For updates, refer to http://www.actfax.com/download/beta/actfax_setup_en.exe
Insight
The flaws are due to boundary errors within the RAW server when processing the '@F000', '@F506', and '@F605' data fields. They can be exploited to cause stack-based buffer overflows by sending a specially crafted command to the server.
Affected
ActiveFax Version 5.01 build 0232 and prior
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P