SB2017061216 - Multiple vulnerabilities in Easy Chat Server




Published: June 12, 2017
Updated: August 8, 2020

Security Bulletin ID: SB2017061216
Severity: High
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 25% Medium 75%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2019-20502)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter.


2) Information disclosure (CVE-ID: CVE-2017-9557)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.


3) Improper Authentication (CVE-ID: CVE-2017-9543)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.


4) Buffer overflow (CVE-ID: CVE-2017-9544)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
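
A defender-side check for the request shapes described in items 1, 2 and 4, as an added example that is not part of the original bulletin or the vendor's code. It assumes the field names are literally `username`, `password` and `message` as the bulletin words them, and a 256-character length limit. Item 3 is left out because the bulletin does not describe what makes the POST request crafted.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed limit: longest value a legitimate client sends. Tune per deployment.
MAX_FIELD_LEN = 256

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, page, params).

    Query-string and form-body parameters are merged, names lowercased.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    try:
        method, target, _ = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
        url = urlsplit(target)
    except ValueError:              # not a well-formed request line or target
        return "", "", {}
    params = {}
    for source in (url.query, body.decode("latin-1")):
        for name, values in parse_qs(source, keep_blank_values=True).items():
            params.setdefault(name.lower(), []).extend(values)
    return method.upper(), url.path.rsplit("/", 1)[-1].lower(), params

def classify(raw: bytes):
    """Return the bulletin's CVE IDs whose described request shape `raw` matches."""
    _method, page, params = parse_request(raw)
    longest = lambda name: max(map(len, params.get(name, [])), default=0)
    hits = []
    if page == "body2.ghp" and longest("message") > MAX_FIELD_LEN:
        hits.append("CVE-2019-20502")   # item 1: long message parameter
    if (page == "register.ghp" and "username" in params
            and "password" in params and not any(params["password"])):
        hits.append("CVE-2017-9557")    # item 2: username plus empty password
    if page == "registresult.htm" and longest("username") > MAX_FIELD_LEN:
        hits.append("CVE-2017-9544")    # item 4: overly long username
    return hits

# Constructed sample requests (not captured traffic); chat.example is a placeholder.
HDR = b" HTTP/1.1\r\nHost: chat.example\r\n\r\n"
SAMPLES = {
    "ordinary": b"GET /register.ghp?username=alice&password=s3cret" + HDR,
    "empty-password": b"GET /register.ghp?username=alice&password=" + HDR,
    "long-username": b"POST /registresult.htm" + HDR + b"username=" + b"x" * 1000,
    "long-message": b"GET /body2.ghp?message=" + b"x" * 1000 + HDR,
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:15} {classify(raw) or 'no match'}")
```

Feed it requests reassembled by a proxy or packet capture in front of the server; ordinary access logs do not record POST bodies, so the item 4 check needs the full request.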


Remediation

Install the update from the vendor's website.