OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: AnalogX Proxy Server Security Vulnerability Advisory REVISISED
From: Steve (steveSECURESOLUTIONS.ORG)
Date: Fri Nov 17 2000 - 09:18:18 CST

          Network Security Solutions Inc. Security Advisory
                     ( Philippine based Security Company )
                          http://www.Nssolution.net
                             http://connect.to/nssi

         ]** AnalogX Proxy Server DoS/Buffer Overflow Vulnerabilty **[

                       Author: Abraham Lincoln H.
                      Handle: zer0logic

         Email : AbrahamNssolution.net, zer0logicPrivacyx.Com
                     lincolnprivacyX.com, KnowledgeBaseLycos.com

Date Discovered: November 15, 2000
            Vendor: AnalogX.Com
Version Affected: AnalogX Proxy Server release 4.10
                           for Win 95 / 98 / NT / Win2k
   Local : Yes
Remote: Yes
     Risk: High

Problem Description:

      NSSI Team has discovered a Local/Remote Buffer Overflow/DoS
Vulnerabiltiy on AnalogX Proxy Server that could allow a Malicious
Attacker to disable the whole proxy server by just attacking a single
analogX proxy service.

Vulnerable Proxy Services; FTP, POP3, SMTP and Proxy Logger

        The Problem lies when FTP Service is ON and Logging is enabled or
disabled, or SMTP Service is ON and Logging is enabled or disabled, POP3
Service is ON and logging is enabled. When the Attacker Sends a Multiple
Abnormal Strings to a certain affected service it causes the whole Proxy to
Shutd0wn.
the proxy needs to re-start again to perform normal operation.

OUTPUT Error Message when Logging is Disabled:

    FTP Service error msg.:
                ABORT: Memory corrupt before (10241)
                            (PROTO\ftp.c\523)

  SMTP Service error msg.:
                ABORT: Memory corrupt before (10241)
                            (PROTO\smtp.c\379)

OUTPUT Error message when Logging is Enabled:

    FTP Service error msg.:
                    ABORT: Last String too large for Buffer (1509 > 1024)
                                (log.c/114)

   POP3 Service error msg.:
                           ABORT: Last String too large for Buffer (1509 >
1024)
                                       (log.c/114)

 SMTP Service error msg.:
                   ABORT: Last String too large for Buffer (10301 > 1024)
                        (log.c/114)

NOT Affected Services:
                              HTTP Proxy: 6588
                             Socks Proxy: 1080
                                       NNTP: 119

Work Around:
            Disable FTP Proxy service
            Disable SMTP Proxy service
            Disable POP3 Proxy service if Logging is enabled

Vendor Status: AnalogX has been notified of this Vulnerability but no patch
has been issued.

Related Links: http://www.nssolution.net
                         http://connect.to/nssi

Feedback and Inquiries:
            If you have any questions, inquiries, feedback, concerns and
updates pls don't hesitate to email us.

For Inquiries,Concerns and updates - Infonssolution.net

for Comments and Questions - Abrahamnssolution.net, lincolnprivacyx.com
                                             zer0logicprivacyx.com

Disclaimer:
        This paper is intended for informational purpose only. We are not
responsible for the the Use and/or potential effects of these advisories.
Read this at your own risk or not at all.

Copyright(c) 2000-2001 Network Security Solutions Inc.
Permission is herby granted for the redistribution of this alert
electronically. if you wish to reprint or modify this document Contact us
1st or email us at: infonssolution.net

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net