Vulnerability Note VU#139421
simpleproxy format string vulnerability
A format string vulnerability in the simpleproxy TCP proxy may allow a remote attacker to execute arbitrary code on a vulnerable system.
simpleproxy, a basic open source TCP proxy, contains a format string vulnerability in an unspecified HTTP proxy request handling routine. If a remote attacker sends simpleproxy a specially crafted HTTP request, they may be able to execute arbitrary code on a vulnerable system.
A remote attacker may be able to execute arbitrary code with the privileges of the simpleproxy process.
Upgrading to simpleproxy version 3.4 corrects this problem.
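The class of bug described above, shown as an added example (not simpleproxy's code; the advisory does not identify the affected routine). The function names and the sample request line are hypothetical. The flawed form passes untrusted text as the format string; the hardened form uses a constant format.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: the request text itself contains "%%". */
static const char SAMPLE_REQUEST[] = "GET http://example.test/a%%b HTTP/1.0";

/* -Wformat-security reports the call in render_before(); it is silenced
 * here only so the deliberately flawed "before" form builds everywhere. */
#pragma GCC diagnostic ignored "-Wformat-security"

/* BEFORE (flawed): untrusted text is passed as the format string, so any
 * printf directive inside it is interpreted instead of copied. */
int render_before(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, untrusted);
}

/* AFTER (hardened): constant format, untrusted text is only an argument. */
int render_after(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, "%s", untrusted);
}

/* Returns 1 if the renderer changed the text, i.e. parsed it as a format. */
int altered(int (*render)(char *, size_t, const char *), const char *text)
{
    char buf[256];
    render(buf, sizeof buf, text);
    return strcmp(buf, text) != 0;
}

int main(void)
{
    char buf[256];
    render_before(buf, sizeof buf, SAMPLE_REQUEST);
    printf("before: %s\n", buf);   /* "%%" was consumed as a directive */
    render_after(buf, sizeof buf, SAMPLE_REQUEST);
    printf("after:  %s\n", buf);   /* text preserved byte for byte */
    return altered(render_after, SAMPLE_REQUEST);
}
```

Building with `-Wformat -Wformat-security` (without the pragma) flags the call in `render_before`, which makes the flag a practical audit check for this pattern.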
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian Linux | Affected | 02 Sep 2005 | 02 Sep 2005 |
| simpleproxy | Affected | - | 01 Sep 2005 |
| Apple Computer, Inc. | Not Affected | 02 Sep 2005 | 10 Oct 2005 |
| OpenWall Linux | Not Affected | 02 Sep 2005 | 06 Sep 2005 |
| Sun Microsystems, Inc. | Not Affected | 02 Sep 2005 | 06 Sep 2005 |
| Conectiva Inc. | Unknown | 02 Sep 2005 | 02 Sep 2005 |
| Cray, Inc. | Unknown | 02 Sep 2005 | 02 Sep 2005 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 02 Sep 2005 | 02 Sep 2005 |
| Engarde Secure Linux | Unknown | 02 Sep 2005 | 02 Sep 2005 |
| F5 Networks, Inc. | Unknown | 02 Sep 2005 | 02 Sep 2005 |
| FreeBSD, Inc. | Unknown | 02 Sep 2005 | 02 Sep 2005 |
| Fujitsu Limited | Unknown | 02 Sep 2005 | 02 Sep 2005 |
| Hewlett-Packard Company | Unknown | 02 Sep 2005 | 02 Sep 2005 |
| Hitachi Internetworking | Unknown | 02 Sep 2005 | 02 Sep 2005 |
| IBM Corporation | Unknown | 02 Sep 2005 | 02 Sep 2005 |
This vulnerability was reported by Ulf Harnhammar.
This document was written by Jeff Gennari.
- CVE IDs: CAN-2005-1857
- Date Public: 26 Aug 2005
- Date First Published: 02 Sep 2005
- Date Last Updated: 10 Oct 2005
- Severity Metric: 5.84
- Document Revision: 19