DProxy DNS_Decode_Reverse_Name Buffer-Overflow Vulnerability
BID:23243
Info
DProxy DNS_Decode_Reverse_Name Buffer-Overflow Vulnerability
| Bugtraq ID: | 23243 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2007 12:00AM |
| Updated: | Apr 02 2007 10:22PM |
| Credit: | mu-b discovered this issue. |
| Vulnerable: |
Matthew Pratt dproxy-nexgen 1.c Matthew Pratt dproxy 0.5 Matthew Pratt dproxy 0.4 Matthew Pratt dproxy 0.3 Matthew Pratt dproxy 0.2 Matthew Pratt dproxy 0.1 |
| Not Vulnerable: | |
Discussion
DProxy DNS_Decode_Reverse_Name Buffer-Overflow Vulnerability
Dproxy is prone to a remote buffer-overflow vulnerability because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.
Exploiting this issue could lead to denial-of-service conditions and to the execution of arbitrary machine code with superuser privileges. A successful attack could result in the complete compromise of affected computers or routers/devices.
Version 1.c is vulnerable; other versions may also be affected.
Dproxy is prone to a remote buffer-overflow vulnerability because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.
Exploiting this issue could lead to denial-of-service conditions and to the execution of arbitrary machine code with superuser privileges. A successful attack could result in the complete compromise of affected computers or routers/devices.
Version 1.c is vulnerable; other versions may also be affected.
Exploit / POC
DProxy DNS_Decode_Reverse_Name Buffer-Overflow Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
DProxy DNS_Decode_Reverse_Name Buffer-Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
DProxy DNS_Decode_Reverse_Name Buffer-Overflow Vulnerability
References:
References:
- dproxy Home Page (Matthew Pratt)