CAN 2002-0134
The first vulnerability is a buffer overflow in the
processing of HTTP headers in Avirt's web
proxy service. Remote attackers could exploit this condition
to execute arbitrary commands. Avirt Soho,
Gateway, and Gateway Suite version 4.2 and possibly earlier
versions are affected by this vulnerability.
CAN 2002-0133
The second vulnerability affects the telnet
proxy service. By connecting to the telnet service and
issuing an ls or dir command,
any remote user can view directory listings on the server.
Furthermore, by simply entering dos, the
remote user is presented with a DOS command prompt, thus gaining
the ability to execute arbitrary commands. No login name or
password is required to exploit these vulnerabilities.
The Avirt Gateway Suite version 4.2 and possibly earlier
versions are affected by this vulnerability. The Avirt Gateway
product itself is not affected.
CAN 2002-0134
The third and final vulnerability also affects the telnet
proxy service. A buffer overflow condition could allow any
remote user to execute arbitrary commands by entering a long,
specially crafted command at the telnet prompt. Avirt Gateway
and Gateway Suite version 4.2 and possibly earlier versions
are affected by this vulnerability.