Security Advisories | Buffer Overflow | Analogx Proxy 4.13 Buffer Overflow Vulnerability

Vendor: Analog
Version Affected: Proxy 4.13
Type: Remotely Exploitable Buffer Overflow
Severity: High
Date released: 16th May 2003

Background
AnalogX Proxy is a small and simple server that allows any other machine on your local network to route it's requests through a central machine. It supports HTTP (web), HTTPS (secure web), POP3 (recieve mail), SMTP (send mail), NNTP (newsgroups), FTP (file transfer), and Socks4/4a and partial Socks5 (no UDP) protocols. It works with Internet Explorer, Netscape, AOL, AOL Instant Messenger, Microsoft Messenger, and many more.
When the AnalogX Proxy is supplied with a URL greater than 340 characters it crashes with a buffer overflow. A specially crafted URL allows remote execution of arbitrary code.

I. Description
The buffer overflow occurs when a user supplies a URL of length greater than 340 characters. In its default configuration the proxy listens on all interfaces for proxy requests. In such a configuration, anyone may cause the buffer overflow attack over the Internet by connecting to TCP 6588 port and supplying an overly long URL. With a specially crafted URL, it may be possible to manipulate the stack and execute code of the attacker's choice. This code would naturally be executed with the privileges with which AnalogX is running. In most cases, these are Administrator privileges. The software strongly urges the user to bind it to the internal private IP. This would leave it vulnerable only to attacks from local users.

II. Vendor's Response
The vendor responded quickly and patched up the software. The updated version is available at http://www.analogx.com/contents/download/network/proxy.htm
The updated version number is 4.14.



Advisory Listing

SQL Injections

Buffer Overflows

Information Disclosure, Path Disclosure

Denial of Service

User Enumeration

Password Disclosure

Network Intelligence (I) Pvt. Ltd. © 2004 | Copyright | Disclaimer
info@niiconsulting.com