3proxy HTTP Proxy Request Buffer Overflow Vulnerability
BID:23545
Info
| Bugtraq ID: | 23545 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-2031 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 17 2007 12:00AM |
| Updated: | Dec 19 2007 04:21PM |
| Credit: | The Vendor disclosed this vulnerability. |
| Vulnerable: | Gentoo net-proxy/3proxy 0.5.3g; 3proxy 3proxy 0.6b devel 20061014; 3proxy 3proxy 0.5.3g; 3proxy 3proxy 0.5 |
| Not Vulnerable: | Gentoo net-proxy/3proxy 0.5.3h; 3proxy 3proxy 0.6b devel 20070413; 3proxy 3proxy 0.5.3h |
Discussion
3proxy is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.
Attackers can exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code with the privileges of the application.
3proxy 0.5 to 0.5.3g and 0.6b-devel before 20070413 are vulnerable to this issue.
Exploit / POC
The following exploits are available:
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
References:
- 3proxy (3proxy)
- Changelog 0.5.3h (3proxy)
- 3proxy[v0.5.3g]: (linux/win32 service) remote buffer overflow exploits (v9)