Bugtraq mailing list archives
AnalogX Proxy Server Buffer Overflow Vulnerability
From: Elias Levy <aleph1 () SECURITYFOCUS COM>
Date: Thu, 23 Nov 2000 10:02:32 -0800
From "zer0-logic" <zer0logic () privacyx com>:
Network Security Solutions Inc. Security Advisory ( Philippine based Security Company ) Http://www.nssolution.net Http://connect.to/nssi ]** AnalogX Proxy Server DoS/Buffer Overflow Vulnerabilty **[ Author: Abraham Lincoln H. Handle: zer0logic Email : Abraham () Nssolution net, zer0logic () Privacyx Com lincoln () privacyX com, KnowledgeBase () Lycos com Date Discovered: November 15, 2000 Vendor: AnalogX.Com Version Affected: AnalogX Proxy Server release 4.10 for Win 95 / 98 / NT / Win2k Local : Yes Remote: Yes Risk: High Problem Description: NSSI Team has discovered a Local/Remote Buffer Overflow/DoS Vulnerabiltiy on AnalogX Proxy Server that could allow a Malicious Attacker to disable the whole proxy server by just attacking a single analogX proxy service. Vulnerable Proxy Services; FTP, POP3, SMTP and Proxy Logger The Problem lies when FTP Service is ON and Logging is enabled or disabled, or SMTP Service is ON and Logging is enabled or disabled, POP3 Service is ON and logging is enabled. When the Attacker Sends a Multiple Abnormal Strings to a certain affected service it causes the whole Proxy to Shutd0wn. the proxy needs to re-start again to perform normal operation. OUTPUT Error Message when Logging is Disabled: FTP Service error msg.: ABORT: Memory corrupt before (10241) (PROTO\ftp.c\523) SMTP Service error msg.: ABORT: Memory corrupt before (10241) (PROTO\smtp.c\379) OUTPUT Error message when Logging is Enabled: FTP Service error msg.: ABORT: Last String too large for Buffer (1509 > 1024) (log.c/114) POP3 Service error msg.: ABORT: Last String too large for Buffer (1509 > 1024) (log.c/114) SMTP Service error msg.: ABORT: Last String too large for Buffer (10301 > 1024) (log.c/114) NOT Affected Services: HTTP Proxy: 6588 Socks Proxy: 1080 NNTP: 119 Work Around: Disable FTP Proxy service Disable SMTP Proxy service Disable POP3 Proxy service if Logging is enabled Vendor Status: AnalogX has been notified of this Vulnerability but no patch has been issued. Related Links: Http://www.nssolution.net Http://connect.to/nssi Feedback and Inquiries: If you have any questions, inquiries, feedback, concerns and updates pls don't hesitate to email us. For Inquiries,Concerns and updates - Info () nssolution net for Comments and Questions - Abraham () nssolution net, lincoln () privacyx com zer0logic () privacyx com Disclaimer: This paper is intended for informational purpose only. We are not responsible for the the Use and/or potential effects of these advisories. Read this at your own risk or not at all. Copyright(c) 2000-2001 Network Security Solutions Inc. Permission is herby granted for the redistribution of this alert electronically. if you wish to reprint or modify this document Contact us 1st or email us at: info () nssolution net
Current thread:
- AnalogX Proxy Server Buffer Overflow Vulnerability Elias Levy (Nov 30)