Frox Access Control List Bypass Vulnerability
BID:12493
Info
| Bugtraq ID: | 12493 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 08 2005 12:00AM |
| Updated: | Feb 08 2005 12:00AM |
| Credit: | This vulnerability was announced by the vendor. |
| Vulnerable: | frox frox 0.7.17; frox frox 0.7.16 |
| Not Vulnerable: | frox frox 0.7.18 |
Discussion
It is reported that an ACL bypass vulnerability exists in frox because frox fails to parse 'Deny' ACL entries correctly.
This may lead to a false sense of security, because FTP clients may use the frox proxy to access services that a network administrator intended to block.
This vulnerability is reported to exist in frox versions 0.7.16 and 0.7.17.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
The vendor has released an update to address this vulnerability:
frox frox 0.7.16
- frox frox-0.7.18.tar.gz
  http://frox.sourceforge.net/download/frox-0.7.18.tar.gz
frox frox 0.7.17
- frox frox-0.7.18.tar.gz
  http://frox.sourceforge.net/download/frox-0.7.18.tar.gz
References
- Frox 0.7.18 - security fixes. (frox)
- frox homepage (frox)