COMMAND

    SubSeven

SYSTEMS AFFECTED

    SubSeven 2.1a

PROBLEM

    Andrew Griffiths found the following. There is a buffer overflow in SubSeven 2.1a. It happens when you tell the server to execute a DOS command > 315 chars long. Depending on how long it is, you can get it to quit quietly (not sure how long), plain crash (EIP not written over), or trash every variable there (around 4000?). An interesting side effect seems to be that it stops connections to 139. The default install port is 27374; (assuming no password) type DOS xxxxx(lots of x's)xxxxx and the connection should drop.

SOLUTION

    Nothing yet.
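
A detection-side check for the condition described above, as an added example that is not part of the original advisory: it reassembles client-to-server payloads on the default port 27374 and flags any `DOS` command whose argument is longer than 315 characters, including one split across several TCP segments. The record layout, function names and sample payloads are constructed for illustration; the newline framing and the literal `DOS ` prefix are assumptions based on the advisory's wording.

```python
from collections import defaultdict

SUBSEVEN_DEFAULT_PORT = 27374  # default install port given in the advisory
OVERFLOW_THRESHOLD = 315       # advisory: a DOS command > 315 chars overflows
COMMAND_PREFIX = b"DOS "       # assumption: command word as typed in the advisory


def reassemble(segments, port=SUBSEVEN_DEFAULT_PORT):
    """Concatenate client-to-server payloads per flow, in capture order.

    segments: iterable of (src_ip, src_port, dst_ip, dst_port, payload)
    tuples (hypothetical layout; adapt it to your capture tooling).
    """
    streams = defaultdict(bytearray)
    for src_ip, src_port, dst_ip, dst_port, payload in segments:
        if dst_port == port:
            streams[(src_ip, src_port, dst_ip)] += payload
    return streams


def find_oversized_dos(segments, threshold=OVERFLOW_THRESHOLD):
    """Return one alert per DOS command whose argument exceeds threshold."""
    alerts = []
    for (src_ip, src_port, dst_ip), data in reassemble(segments).items():
        # Assumption: commands are newline-terminated; an unterminated
        # trailing command is still inspected.
        for line in bytes(data).splitlines():
            if not line.upper().startswith(COMMAND_PREFIX):
                continue
            arg_len = len(line) - len(COMMAND_PREFIX)
            if arg_len > threshold:
                alerts.append({"src": src_ip, "src_port": src_port,
                               "dst": dst_ip, "arg_len": arg_len})
    return alerts


# Constructed sample traffic (not captured from a real host).
SAMPLE_SEGMENTS = [
    ("10.0.0.5", 40001, "10.0.0.9", 27374, b"DOS dir\n"),           # short, benign length
    ("10.0.0.6", 40002, "10.0.0.9", 27374, b"DOS " + b"x" * 200),   # first half of a long command
    ("10.0.0.6", 40002, "10.0.0.9", 27374, b"x" * 200 + b"\n"),     # second half, same flow
    ("10.0.0.7", 40003, "10.0.0.9", 80, b"DOS " + b"x" * 400 + b"\n"),  # other port, ignored
]

if __name__ == "__main__":
    for alert in find_oversized_dos(SAMPLE_SEGMENTS):
        print(alert)
```

Checking each segment on its own would miss the split command from `10.0.0.6`, because neither half exceeds the threshold alone.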