[<prev] [next>] [day] [month] [year] [list]
Message-ID: <17910185115.20071023230851@SECURITY.NNOV.RU>
Date: Tue, 23 Oct 2007 23:08:51 +0400
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: 3proxy 0.5.3j released (bugfix)
3proxy ( http://3proxy.ru/ ) is multi-platform (Windows, Linux, Unix)
multi-protocol proxy server with abilities to mange traffic flows and
bandwidths, convert requests between different proxy types,
authenticate, authorize, control, limit and account users access and
more.
3proxy 0.5.3j version was released, to address double free()
vulnerability in FTP proxy module (ftppr) reported by Venustech AD-LAB
(CVE-2007-5622). Vulnerable 3proxy versions are 0.5 - 0.5.3i. Current
branch (0.6) is not affected.
3proxy 0.5.3j can be downloaded from http://3proxy.ru/download/
Because of programming error resulting in double free() vulnerability
during the handling of "OPEN" FTP proxy request, it may be possible to
crash 3proxy service by repeating this request. Reliable code execution
doesn't seem possible.
FTP proxy is special non-standard (no RFC specification) type of proxy
server with extended RFC 959 command set, compatible with only few
graphical FTP clients. It's not compatible with browsers, because
browsers use different, FTP over HTTP proxy. FTP proxy is not commonly
used.
Vulnerability requires 'ftppr' service to be manually enabled in 3proxy
configuration file or special 'ftppr' application executed. No over
services (SOCKS, HTTP including FTP over HTTP proxy, POP3, TCP and UDP
portmapping, etc) are affected.
Vulnerability is of pre-authentication type, but, because FTP proxy in
3proxy 0.5x branch doesn't support reverse proxing, it should never be
accessible from Internet. Web scenario with exploitation through the
legitimate client is also impossible. Under typical configuration, the
scope of this vulnerability is limited to local network.
--
http://securityvulns.com/
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists