Several unchecked buffer exist within the product allowing for a diverse set of denial of
service exploits against the various supported protocols. For example, the FTP and POP3
"USER" commands, as well as the SMTP "HELO" all contain unchecked
buffers that can be overrun by sending 370 or more characters as the parameter string for
the commands. In addition, the SOCK4 "CONNECT" command buffer will overflow with
a parameter of 1800 characters or more.
AnalogX has released a new version
4.05 that corrects these problems.
CREDIT Discovered by Robin Keir and
Stuart McClure of Foundstone