[NT] Buffer Overflow in AnalogX Proxy (Long URL)

From: SecuriTeam (support_at_securiteam.com)
Date: 05/26/03

    To: list@securiteam.com
    Date: 26 May 2003 19:50:01 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      Buffer Overflow in AnalogX Proxy (Long URL)
    ------------------------------------------------------------------------

    SUMMARY

    AnalogX Proxy <http://www.analogx.com/> is "a simple but effective proxy
    server that has the ability to proxy requests for the following services:
    HTTP, HTTPS, SOCKS4, SOCKS4a, SOCKS5, NNTP, POP3, SMTP, and FTP". A
    vulnerability in the product allows remote attackers to crash the server
    by sending an arbitrarily long URL.

    DETAILS

    Vulnerable systems:
     * AnalogX version 4.13 and prior

    Immune systems:
     * AnalogX version 4.14

    The buffer overflow occurs whenever a user supplies a URL longer than
    340 characters. In its default configuration the proxy listens on all
    interfaces for proxy requests. In such a configuration, anyone can
    trigger the buffer overflow over the Internet by connecting to TCP port
    6588 and supplying an overly long URL. With a specially crafted URL, it
    may be possible to manipulate the stack and execute code of the
    attacker's choice. This code would be executed with the privileges under
    which AnalogX is running; in most cases, these are Administrator
    privileges. The software strongly urges the user to bind it to the
    internal private IP address. This would leave it vulnerable only to
    attacks from local users.

    Vendor response:
    The vendor responded quickly and patched up the software. The updated
    version is available at
    <http://www.analogx.com/contents/download/network/proxy.htm>. The immune
    version is 4.14.

    ADDITIONAL INFORMATION

    The information has been provided by K. K. Mookhey
    <mailto:cto@nii.co.in>.
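
Added example, not part of the SecuriTeam advisory and not AnalogX code: a bounds-checked parser for a proxy request line that measures the URL and rejects anything longer than the 340-character threshold reported under DETAILS before a single byte is copied. The function names, the status codes and the use of 340 as the limit are assumptions made for illustration; the real buffer size inside the product is not given in the advisory.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: 340 is the URL length above which the advisory reports the
 * overflow; it is used here as the accepted maximum. */
#define URL_MAX 340

enum parse_status { PARSE_OK = 0, PARSE_BAD_REQUEST = 400, PARSE_URI_TOO_LONG = 414 };

/* Hypothetical helper: extract the URL from "METHOD SP URL SP VERSION".
 * `line` is NUL-terminated, without the trailing CRLF. The unsafe pattern
 * this replaces is an unchecked copy (strcpy, sscanf "%s") of the URL token
 * into a fixed-size stack array. */
enum parse_status parse_request_url(const char *line, char *url, size_t url_cap)
{
    if (line == NULL || url == NULL || url_cap == 0)
        return PARSE_BAD_REQUEST;
    url[0] = '\0';
    const char *start = strchr(line, ' ');        /* end of the method token */
    if (start == NULL || start == line)
        return PARSE_BAD_REQUEST;
    start++;
    const char *end = strchr(start, ' ');         /* end of the URL token */
    if (end == NULL || end == start)
        return PARSE_BAD_REQUEST;
    size_t len = (size_t)(end - start);
    if (len > URL_MAX || len >= url_cap)          /* measure first, copy second */
        return PARSE_URI_TOO_LONG;
    memcpy(url, start, len);
    url[len] = '\0';
    return PARSE_OK;
}

/* Constructed input: a request line whose URL is n filler characters. */
enum parse_status status_for_url_length(size_t n)
{
    static char line[4096];
    char url[URL_MAX + 1];
    if (n + 16 > sizeof line)
        return PARSE_BAD_REQUEST;
    memcpy(line, "GET ", 4);
    memset(line + 4, 'A', n);
    strcpy(line + 4 + n, " HTTP/1.0");
    return parse_request_url(line, url, sizeof url);
}

int main(void)
{
    printf("340 chars -> %d, 341 chars -> %d\n",
           status_for_url_length(340), status_for_url_length(341));
    return 0;
}
```

A request that fails the length check is answered with an error and logged; it never reaches the code that forwards the request upstream.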
