BID:2217

Tinyproxy Heap Overflow Vulnerability

Info

Tinyproxy Heap Overflow Vulnerability

Bugtraq ID:	2217
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Jan 17 2001 12:00AM
Updated:	Jan 17 2001 12:00AM
Credit:	Reported to bugtraq by <[email protected]> on Wed, 17 Jan 2001.
Vulnerable:	tinyproxy tinyproxy 1.3.3 tinyproxy tinyproxy 1.3.2

Not Vulnerable:

Discussion

Tinyproxy Heap Overflow Vulnerability

Versions 1.3.2 and 1.3.3 of tinyproxy, a small HTTP proxy, exhibit a vulnerability to heap overflow attacks.

A failure to properly validate user-supplied input which arguments a call to sprintf() can allow unexpectedly large amounts of input to a buffer (used to display error messages) to be written past the boundary of the allocated space on the heap.

As a result, it may be possible to execute a denial of service attack, or even to execute arbitrary commands if certain internal memory structures can be successfully overwritten.

Exploit / POC

Tinyproxy Heap Overflow Vulnerability

The following exploit was provided by <[email protected]> on Wed, 17 Jan 2001:

/data/vulnerabilities/exploits/PKCtiny-ex.c

Solution / Fix

Tinyproxy Heap Overflow Vulnerability

Solution:
Fixed v.1.3.3a is available at http://tinyproxy.sourceforge.net/tinyproxy-1.3.3a.tar.gz

tinyproxy tinyproxy 1.3.2

SourceForge tinyproxy-1.3.3a.tar.gz
http://tinyproxy.sourceforge.net/tinyproxy-1.3.3a.tar.gz

tinyproxy tinyproxy 1.3.3

SourceForge tinyproxy-1.3.3a.tar.gz
http://tinyproxy.sourceforge.net/tinyproxy-1.3.3a.tar.gz

References

Tinyproxy Heap Overflow Vulnerability

References: