mailing list archives
NII Advisory - Buffer Overflow in Analogx Proxy
From: "K. K. Mookhey" <cto () nii co in>
Date: Mon, 26 May 2003 19:41:38 +0530
Buffer Overflow In Analogx Proxy 4.13
Versions affected: Proxy 4.13
Date: 26th May 2003
Type of Vulnerability: Remotely Exploitable Buffer Overflow
By: Network Intelligence India www.nii.co.in
"AnalogX Proxy is a small and simple server that allows any other machine on your local network to route it's requests
through a central machine. It supports HTTP (web), HTTPS (secure web), POP3 (recieve mail), SMTP (send mail), NNTP
(newsgroups), FTP (file transfer), and Socks4/4a and partial Socks5 (no UDP) protocols. It works with Internet
Explorer, Netscape, AOL, AOL Instant Messenger, Microsoft Messenger, and many more. "
When the AnalogX Proxy is supplied with a URL greater than 340 characters it crashes with a buffer overflow. A
specially crafted URL allows remote execution of arbitrary code.
The buffer overflow occurs when a user supplies a URL of length greater than 340 characters.
In its default configuration the proxy listens on all interfaces for proxy requests. In such a configuration, anyone
may cause the buffer overflow attack over the Internet by connecting to TCP 6588 port and supplying an overly long URL.
With a specially crafted URL, it may be possible to manipulate the stack and execute code of the attacker's choice.
This code would naturally be executed with the privileges with which AnalogX is running. In most cases, these are
Administrator privileges. The software strongly urges the user to bind it to the internal private IP. This would leave
it vulnerable only to attacks from local users.
III. VENDOR RESPONSE
The vendor responded quickly and patched up the software. The updated version is available at
http://www.analogx.com/contents/download/network/proxy.htm The updated version number is 4.14
IV. About NII
Network Intelligence India develops host-based security auditing software called the AuditPro suite. Further details
are available at http://www.nii.co.in/products.html Our latest product is one of the most comprehensive security
auditing products for MS SQL Servers http://nii.co.in/software/apsql.html We also provide Penetration Testing, Software
Security Testing and other Security Services http://www.nii.co.in/services.html
- NII Advisory - Buffer Overflow in Analogx Proxy K. K. Mookhey (May 27)