3proxy FTP Proxy Double Free Memory Corruption Vulnerability

Bugtraq ID:	26180
Class:	Design Error
CVE:	CVE-2007-5622
Remote:	Yes
Local:	No
Published:	Oct 23 2007 12:00AM
Updated:	Nov 15 2007 12:39AM
Credit:	Venustech AD_LAB is credited with the discovery of this vulnerability.
Vulnerable:	Gentoo Linux 3proxy 3proxy 0.4 3proxy 3proxy 0.5.3i 3proxy 3proxy 0.5.3h 3proxy 3proxy 0.5.3g 3proxy 3proxy 0.5
Not Vulnerable:	3proxy 3proxy 0.5.3j

3proxy FTP Proxy Double Free Memory Corruption Vulnerability

3proxy is prone to a double-free memory-corruption vulnerability.

Attackers may be able to exploit this issue to cause denial-of-service conditions.

This issue affects 3proxy 0.5.3i; other versions may also be vulnerable.

3proxy FTP Proxy Double Free Memory Corruption Vulnerability

To exploit this issue, attackers can use readily available network utilities.

3proxy FTP Proxy Double Free Memory Corruption Vulnerability

Solution:
The vendor has released updates that address this issue. Please see the references for more information.


3proxy 3proxy 0.5

• 3proxy 3proxy 0.5.3j
  http://3proxy.ru/download/

3proxy 3proxy 0.5.3h

• 3proxy 3proxy 0.5.3j
  http://3proxy.ru/download/

3proxy 3proxy 0.5.3i

• 3proxy 3proxy 0.5.3j
  http://3proxy.ru/download/

3proxy 3proxy 0.5.3g

• 3proxy 3proxy 0.5.3j
  http://3proxy.ru/download/

3proxy 3proxy 0.4

• 3proxy 3proxy 0.5.3j
  http://3proxy.ru/download/

3proxy FTP Proxy Double Free Memory Corruption Vulnerability

References:

• 3proxy (3proxy)
  
• 3proxy double free vulnerability (AD-LAB)
  
• Changelog 0.5.3j (3proxy)
  
• 3proxy 0.5.3j released (bugfix) (3APA3A <[email protected]>)