[VulnWatch] NII Advisory - Buffer Overflow in Analogx Proxy

• Previous message: Peter Winter-Smith: "[VulnWatch] P-News 1.16 Admin Access Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <bugtraq@securityfocus.com>, <full-disclosure@lists.netsys.com>, <vulnwatch@vulnwatch.org>
Date: Mon, 26 May 2003 19:41:38 +0530

===============================================
Buffer Overflow In Analogx Proxy 4.13
Vendor: Analogx
Versions affected: Proxy 4.13
Date: 26th May 2003
Type of Vulnerability: Remotely Exploitable Buffer Overflow
Severity: High
By: Network Intelligence India www.nii.co.in
===============================================

I. BACKGROUND
"AnalogX Proxy is a small and simple server that allows any other machine on your local network to route it's requests through a central machine. It supports HTTP (web), HTTPS (secure web), POP3 (recieve mail), SMTP (send mail), NNTP (newsgroups), FTP (file transfer), and Socks4/4a and partial Socks5 (no UDP) protocols. It works with Internet Explorer, Netscape, AOL, AOL Instant Messenger, Microsoft Messenger, and many more. "

When the AnalogX Proxy is supplied with a URL greater than 340 characters it crashes with a buffer overflow. A specially crafted URL allows remote execution of arbitrary code.

II. DESCRIPTION
The buffer overflow occurs when a user supplies a URL of length greater than 340 characters.
In its default configuration the proxy listens on all interfaces for proxy requests. In such a configuration, anyone may cause the buffer overflow attack over the Internet by connecting to TCP 6588 port and supplying an overly long URL. With a specially crafted URL, it may be possible to manipulate the stack and execute code of the attacker's choice. This code would naturally be executed with the privileges with which AnalogX is running. In most cases, these are Administrator privileges. The software strongly urges the user to bind it to the internal private IP. This would leave it vulnerable only to attacks from local users.

III. VENDOR RESPONSE
The vendor responded quickly and patched up the software. The updated version is available at http://www.analogx.com/contents/download/network/proxy.htm The updated version number is 4.14

IV. About NII
Network Intelligence India develops host-based security auditing software called the AuditPro suite. Further details are available at http://www.nii.co.in/products.html Our latest product is one of the most comprehensive security auditing products for MS SQL Servers http://nii.co.in/software/apsql.html We also provide Penetration Testing, Software Security Testing and other Security Services http://www.nii.co.in/services.html

• Previous message: Peter Winter-Smith: "[VulnWatch] P-News 1.16 Admin Access Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]