lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 26 May 2003 19:41:38 +0530
From: "K. K. Mookhey" <cto@....co.in>
To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com>,
   <vulnwatch@...nwatch.org>
Subject: NII Advisory - Buffer Overflow in Analogx Proxy


===============================================
Buffer Overflow In Analogx Proxy 4.13
Vendor: Analogx 
Versions affected: Proxy 4.13 
Date: 26th May 2003 
Type of Vulnerability: Remotely Exploitable Buffer Overflow 
Severity: High 
By: Network Intelligence India www.nii.co.in
===============================================


I. BACKGROUND 
"AnalogX Proxy is a small and simple server that allows any other machine on your local network to route it's requests through a central machine. It supports HTTP (web), HTTPS (secure web), POP3 (recieve mail), SMTP (send mail), NNTP (newsgroups), FTP (file transfer), and Socks4/4a and partial Socks5 (no UDP) protocols. It works with Internet Explorer, Netscape, AOL, AOL Instant Messenger, Microsoft Messenger, and many more. "

When the AnalogX Proxy is supplied with a URL greater than 340 characters it crashes with a buffer overflow. A specially crafted URL allows remote execution of arbitrary code. 


II. DESCRIPTION 
The buffer overflow occurs when a user supplies a URL of length greater than 340 characters. 
In its default configuration the proxy listens on all interfaces for proxy requests. In such a configuration, anyone may cause the buffer overflow attack over the Internet by connecting to TCP 6588 port and supplying an overly long URL. With a specially crafted URL, it may be possible to manipulate the stack and execute code of the attacker's choice. This code would naturally be executed with the privileges with which AnalogX is running. In most cases, these are Administrator privileges. The software strongly urges the user to bind it to the internal private IP. This would leave it vulnerable only to attacks from local users. 


III. VENDOR RESPONSE
The vendor responded quickly and patched up the software. The updated version is available at http://www.analogx.com/contents/download/network/proxy.htm The updated version number is 4.14 


IV. About NII
Network Intelligence India develops host-based security auditing software called the AuditPro suite. Further details are available at http://www.nii.co.in/products.html Our latest product is one of the most comprehensive security auditing products for MS SQL Servers http://nii.co.in/software/apsql.html We also provide Penetration Testing, Software Security Testing and other Security Services http://www.nii.co.in/services.html 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ