Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

ActFax Server Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in ActFax Server version 5.01. The issue arises in the server's RAW protocol interface, which improperly handles user-supplied data in the @F506 fax header fields due to the unsafe use of string copy functions. This vulnerability can be exploited by remote attackers who send specially crafted @F506 fields, potentially leading to arbitrary code execution. Exploitation requires network access to TCP port 4559 and does not involve authentication.
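The pattern described above (a fixed-size stack buffer filled by an unbounded string copy from a header field) is shown below beside a length-checked version, as an added illustration. This is not ActFax code: the 64-byte buffer size, the "@F506 " framing of the field and every function name are assumptions made for the example, and the sample lines are constructed, not captured traffic. The same bounded parser doubles as a check a defender can run over logged or captured RAW-protocol lines to flag oversized @F506 values.

```c
/* Added illustration, not ActFax code: a fixed-size stack buffer filled with an
 * unbounded string copy, next to a length-checked parser. The 64-byte limit, the
 * "@F506 " field framing and the function names are assumptions for this example. */
#include <stdio.h>
#include <string.h>

#define F506_MAX 64   /* assumed capacity of the header field buffer */

/* Vulnerable pattern: the value after "@F506 " is copied with strcpy into a
 * fixed stack buffer, so any value of F506_MAX or more bytes overruns it.
 * Kept only to show the shape of the bug; never run it on untrusted input. */
int parse_f506_unsafe(const char *line)
{
    char field[F506_MAX];
    if (strncmp(line, "@F506 ", 6) != 0)
        return -1;
    strcpy(field, line + 6);          /* no bound: stack-based buffer overflow */
    return (int)strlen(field);
}

/* Hardened parser: refuse any value that would not fit, then copy with a
 * known length. Returns the value length, -1 for a non-@F506 line, -2 if the
 * value is too large for the caller's buffer. */
int parse_f506_safe(const char *line, char *out, size_t out_len)
{
    if (strncmp(line, "@F506 ", 6) != 0)
        return -1;
    const char *value = line + 6;
    size_t n = strlen(value);
    if (n >= out_len)
        return -2;                    /* would overflow: reject instead of copying */
    memcpy(out, value, n + 1);        /* n + 1 includes the terminating NUL */
    return (int)n;
}

/* Detection helper for traffic or log review: does this RAW-protocol line
 * carry an @F506 value longer than the assumed safe capacity? */
int f506_line_is_oversized(const char *line)
{
    char scratch[F506_MAX];
    return parse_f506_safe(line, scratch, sizeof scratch) == -2;
}

int main(void)
{
    /* Constructed sample lines, not captured ActFax traffic. */
    const char *normal = "@F506 Sales department";
    char big[256] = "@F506 ";
    memset(big + 6, 'A', 200);        /* 200-byte value: far beyond F506_MAX */
    big[206] = '\0';

    printf("normal line oversized? %d\n", f506_line_is_oversized(normal));
    printf("long line oversized?   %d\n", f506_line_is_oversized(big));
    return 0;
}
```

The safe parser rejects before it copies, so the caller learns the field was dropped instead of the stack being corrupted; in a review of captured port 4559 traffic the same predicate separates ordinary header values from ones that exceed the assumed buffer.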

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server.

Reproduction

The vulnerability can be reproduced by sending a fax through the RAW protocol interface, using the @F506 data field. The fax server must be running ActFax Server version 5.01. The exploit can be executed using a Metasploit module designed for this vulnerability, which automates the process of sending the crafted @F506 field to the server.

Remediation

Users are advised to update to the beta version of ActFax that addresses this vulnerability, available on the ActFax website.

Added: Aug 5, 2025, 8:48 PM
Updated: Aug 5, 2025, 10:44 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 10.0
exploitability: 9.4
remediation: 7.7
relevance: 0.3
threat: 9.3
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.