COMMAND

    602Pro Lan Suite Web Admin

SYSTEMS AFFECTED

    602Pro Lan Suite Web Admin

PROBLEM

    Following is  based on  a Strumpf  Noir Society  Advisories.   Lan
    Suite  is  an  cost-effective  all-in-one  application   providing
    connection  sharing,  email  and  fax  services  for networks.  It
    offers remote  administration capabilities  through an  integrated
    HTTP-server.    602Pro  Lan   Suite  can   be  found   at   vendor
    Software602's website.

    The  remote   administration  component   (webprox.dll)  of   this
    application  is  subject  to  a  buffer  overflow attack through a
    lengthy GET command.  If this request contains 1059 bytes or  more
    it will  overflow a  buffer and  allow the  execution of arbitrary
    code.

SOLUTION

    Vendor was contacted  and has verified  the problem.   A new build
    (2000.0.1.33)  has  been  released  through Software602's website.
    602Pro Lan Suite 2000a build 2000.0.1.32 and earlier versions  can
    be expected to be vulnerable.  Users are encouraged to obtain  the
    new version asap.