Detections
Analytics

Now SMS/MMS Gateway < 2008.02.22 Multiple Remote Overflows

critical Nessus Plugin ID 32481

Synopsis

A remote Windows host contains a program that is affected by multiple buffer overflow vulnerabilities.

Description

The remote host is running Now SMS/MMS Gateway, a tool for connecting to SMS and/or MMS messaging providers and managing GSM modems.

The web interface component of the version of Now SMS/MMS Gateway installed on the remote host contains a stack-based buffer overflow that can be triggered using a specially crafted HTTP Authorization request header. An unauthenticated, remote attacker can leverage this issue to crash the affected service or to execute arbitrary code on the affected host subject to the privileges under which the service operates, SYSTEM by default.

In addition, there is similar buffer overflow in the application's SMPP server, which allocates a stack buffer of 4 KB for incoming packets but fails to check their actual size. By default, though, this service is not enabled.

Solution

Upgrade to Now SMS/MMS Gateway version 2008.02.22 or later.

See Also

http://aluigi.altervista.org/adv/nowsmsz-adv.txt

https://support.nowsms.com/discus/messages/53/23641.html

http://blog.nowsms.com/2008/02/nowsms-2008-and-important-security.html

Plugin Details

Severity: Critical

ID: 32481

File Name: nowsms_2008_02_22.nasl

Version: 1.16

Type: local

Agent: windows

Family: Windows

Published: 6/2/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

Core Impact

Metasploit (Now SMS/MMS Gateway Buffer Overflow)

Reference Information

CVE: CVE-2008-0871

BID: 27896

CWE: 119

Secunia: 29003