CVE-2005-3654
CVSS 7.5
Published: 2005-12-31 00:00:00
Last revised: 2011-03-07 21:26:56

[Original] Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of packets with 0xFF characters to the Telnet port (TCP 23), which corrupts the heap.


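[CNNVD] Blue Coat Systems WinProxy Telnet Remote Denial of Service Vulnerability (CNNVD-200512-733)

        In Blue Coat Systems Inc. WinProxy versions before 6.1a, a remote attacker can send a large number of packets containing 0xFF characters to the Telnet port (TCP 23), corrupting the stack, which causes a denial of service (crash) and possibly allows arbitrary code execution.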

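- CVSS (Base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (Affected platforms and products)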

cpe:/a:bluecoat:webproxy:4.0:r1h  Blue Coat Systems WebProxy 4.0 R1h
cpe:/a:bluecoat:webproxy:5.0:r1b  Blue Coat Systems WebProxy 5.0 R1b
cpe:/a:bluecoat:webproxy:5.0:r1c  Blue Coat Systems WebProxy 5.0 R1c
cpe:/a:bluecoat:webproxy:4.0:r1e  Blue Coat Systems WebProxy 4.0 R1e
cpe:/a:bluecoat:webproxy:5.1:r1d  Blue Coat Systems WebProxy 5.1 R1d
cpe:/a:bluecoat:webproxy:5.1:r1a  Blue Coat Systems WebProxy 5.1 R1a
cpe:/a:bluecoat:webproxy:6.0:r1c  Blue Coat Systems WebProxy 6.0 R1c
cpe:/a:bluecoat:webproxy:4.0:r1b  Blue Coat Systems WebProxy 4.0b
cpe:/a:bluecoat:webproxy:4.0:r1k  Blue Coat Systems WebProxy 4.0 R1k
cpe:/a:bluecoat:webproxy:5.1:r1e  Blue Coat Systems WebProxy 5.1 R1e
cpe:/a:bluecoat:webproxy:4.0:r1m  Blue Coat Systems WebProxy 4.0 R1m
cpe:/a:bluecoat:webproxy:4.0:r1p  Blue Coat Systems WebProxy 4.0 R1p
cpe:/a:bluecoat:webproxy:4.0:r1f  Blue Coat Systems WebProxy 4.0 R1f
cpe:/a:bluecoat:webproxy:5.0:r1a  Blue Coat Systems WebProxy 5.0 R1a
cpe:/a:bluecoat:webproxy:4.0:r1a  Blue Coat Systems WebProxy 4.0a
cpe:/a:bluecoat:webproxy:4.0:r1n  Blue Coat Systems WebProxy 4.0 R1n
cpe:/a:bluecoat:webproxy:6.0:r1a  Blue Coat Systems WebProxy 6.0 R1a
cpe:/a:bluecoat:webproxy:4.0:r1c  Blue Coat Systems WebProxy 4.0c
cpe:/a:bluecoat:webproxy:5.2:r1a  Blue Coat Systems WebProxy 5.2 R1a

- OVAL (Technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3654
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3654
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-733
(Official data source) CNNVD

- Other links and resources

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=365
(VENDOR_ADVISORY)  IDEFENSE  20060105 Blue Coat WinProxy Telnet DoS Vulnerability
http://securitytracker.com/id?1015442
(PATCH)  SECTRACK  1015442
http://secunia.com/advisories/18288
(VENDOR_ADVISORY)  SECUNIA  18288
http://www.winproxy.com/products/relnotes.asp
(UNKNOWN)  CONFIRM  http://www.winproxy.com/products/relnotes.asp
http://www.vupen.com/english/advisories/2006/0065
(UNKNOWN)  VUPEN  ADV-2006-0065
http://www.securityfocus.com/bid/16149
(UNKNOWN)  BID  16149
http://securityreason.com/securityalert/322
(UNKNOWN)  SREASON  322

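- Vulnerability information

Blue Coat Systems WinProxy Telnet Remote Denial of Service Vulnerability
High risk  Other
2005-12-31 00:00:00 2006-01-11 00:00:00
Remote
        In Blue Coat Systems Inc. WinProxy versions before 6.1a, a remote attacker can send a large number of packets containing 0xFF characters to the Telnet port (TCP 23), corrupting the stack, which causes a denial of service (crash) and possibly allows arbitrary code execution.

- Advisories and patches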

        

- Vulnerability information (F42865)

iDEFENSE Security Advisory 2006-01-05.3 (PacketStormID:F42865)
2006-01-08 00:00:00
iDefense Labs  idefense.com
advisory,remote,denial of service
CVE-2005-3654

iDefense Security Advisory 01.05.06 - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to cause a denial of service (DoS) condition. The vulnerability can be triggered by sending a large string of 0xFF characters to the telnet proxy port of the server. Sending such a string will cause a heap corruption in the Winproxy process causing it to crash.

Blue Coat WinProxy Telnet DoS Vulnerability

iDefense Security Advisory 01.05.06
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=365
January 05, 2006

I. BACKGROUND

BlueCoat WinProxy is an Internet sharing proxy server designed for small
to medium businesses. In addition to Internet sharing Winproxy also
hosts a series of security, anti-spam and anti-spyware capabilities.

More information can be located from the vendor's site at:

  http://www.winproxy.com/

II. DESCRIPTION

Remote exploitation of a design error in Blue Coat Systems Inc.'s
WinProxy allows attackers to cause a denial of service (DoS) condition.
 
The vulnerability can be triggered by sending a large string of 0xFF
characters to the telnet proxy port of the server. Sending such a string
will cause a heap corruption in the Winproxy process causing it to
crash.

III. ANALYSIS

Successful exploitation requires an attacker to send a stream of TCP
packets containing the 0xFF character to the WinProxy telnet server on
TCP port 23. This will lead to a crash of the server and it will be
unusable until it is restarted.

In lab tests, the heap corruption caused by this exploit led to crashes
in random locations in the process. The possibility for remote code
execution is possible, however will likely be very hard to control and
maintain reliable code execution.

IV. DETECTION

iDefense has confirmed this vulnerability in WinProxy 6.0.

All previous versions are suspected to be vulnerable.

V. WORKAROUND

Disabling the WinProxy telnet protocol will prevent this attack.

VI. VENDOR RESPONSE

Blue Coat has released WinProxy 6.1a to address this vulnerability.

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2005-3654 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

11/15/2005  Initial vendor notification
11/15/2005  Initial vendor response
01/05/2006  Coordinated public disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.


- Vulnerability information

22239
Blue Coat WinProxy Telnet Proxy Long String Overflow DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability

- Vulnerability description

- Timeline

2006-01-05 2005-11-15
Unknown Unknown

- Solution

Upgrade to version 6.1a or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Blue Coat Systems WinProxy Telnet Remote Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 16149
Yes No
2006-01-05 12:00:00 2006-01-05 12:00:00
The discoverer of this vulnerability wishes to remain anonymous.

- Affected software versions

Blue Coat Systems WebProxy 6.0
Blue Coat Systems WebProxy 6.1 a

- Unaffected software versions

Blue Coat Systems WebProxy 6.1 a

- Vulnerability discussion

WinProxy is prone to a remote denial of service vulnerability. This issue is due to a failure in the application to properly handle user-supplied data.

A remote attacker can exploit this issue to crash the server denying service to legitimate users. Remote code execution may be possible but is unlikely.

This issue affects WinProxy version 6.0; earlier versions are also likely vulnerable.

- Exploit

No exploit is required.

- Solution

The vendor has released version 6.1a addressing this and other issues. Users are advised to contact the vendor for details on obtaining the appropriate update.

- Related references

 

 
