[Full-disclosure] 3proxy 0.5.3j released (bugfix)

From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
Date: Tue, 23 Oct 2007 23:08:51 +0400

3proxy ( http://3proxy.ru/ ) is multi-platform (Windows, Linux, Unix)
multi-protocol proxy server with abilities to mange traffic flows and
bandwidths, convert requests between different proxy types,
authenticate, authorize, control, limit and account users access and
more.

3proxy 0.5.3j version was released, to address double free()
vulnerability in FTP proxy module (ftppr) reported by Venustech AD-LAB
(CVE-2007-5622). Vulnerable 3proxy versions are 0.5 - 0.5.3i. Current
branch (0.6) is not affected.

3proxy 0.5.3j can be downloaded from http://3proxy.ru/download/

Because of programming error resulting in double free() vulnerability
during the handling of "OPEN" FTP proxy request, it may be possible to
crash 3proxy service by repeating this request. Reliable code execution
doesn't seem possible.

FTP proxy is special non-standard (no RFC specification) type of proxy
server with extended RFC 959 command set, compatible with only few
graphical FTP clients. It's not compatible with browsers, because
browsers use different, FTP over HTTP proxy. FTP proxy is not commonly
used.

Vulnerability requires 'ftppr' service to be manually enabled in 3proxy
configuration file or special 'ftppr' application executed. No over
services (SOCKS, HTTP including FTP over HTTP proxy, POP3, TCP and UDP
portmapping, etc) are affected.

Vulnerability is of pre-authentication type, but, because FTP proxy in
3proxy 0.5x branch doesn't support reverse proxing, it should never be
accessible from Internet. Web scenario with exploitation through the
legitimate client is also impossible. Under typical configuration, the
scope of this vulnerability is limited to local network.

--
http://securityvulns.com/
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [SECURITY] [DSA 1393-1] New xfce4-terminal packages fix arbitrary command execution
Next by Date: [Full-disclosure] [USN-531-2] dhcp vulnerability
Previous by thread: [Full-disclosure] [SECURITY] [DSA 1393-1] New xfce4-terminal packages fix arbitrary command execution
Next by thread: [Full-disclosure] [USN-531-2] dhcp vulnerability
Index(es):
- Date
- Thread

Relevant Pages

3proxy 0.5.3j released (bugfix)
... bandwidths, convert requests between different proxy types, ... vulnerability in FTP proxy module reported by Venustech AD-LAB ... crash 3proxy service by repeating this request. ...
(Bugtraq)
Firewall on CD; DMZ/routing problem
... It is basically Squid Proxy, ... ipchains and ftp proxy etc on a cd with a config floppy. ... The Firewall has another interface for the LAN ... question and of course any suggestion to solve my second question. ...
(comp.os.linux.security)
new ftp proxy: pftpx
... PF has now a good ftp proxy, somebody has got this working on freebsd? ... > The proxy allows data connections to pass, ... > In case of active mode (PORT or EPRT): ...
(freebsd-current)
Re: We dont really need two FTP daemons
... What about proxy? ... I've never been sure which ftpd to run on my gateway (with IPFW, with no NAT) ... so internal hosts could cd /usr/ports; ... He really needs either ftp proxy (and redirect all ftp traffic ...
(freebsd-current)
[Full-disclosure] Evading URL Filtering(websense) software configured in Transparent (or Sniffing) m
... Evading URL Filtering software configured in Transparent mode, ... but Websense has been informed in December ... They also had a copy of this proxy script for over ... Websense looks at this request and answers yes or no ...
(Full-Disclosure)