Vulnerability Note VU#139421

simpleproxy format string vulnerability

Original Release date: 02 Sep 2005 | Last revised: 10 Oct 2005

Overview

A format string vulnerability in the simpleproxy TCP proxy may allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

simpleproxy, a basic open source TCP proxy, contains a format string vulnerability in an unspecified HTTP proxy request handling routine. If a remote attacker sends simpleproxy a specially crafted HTTP request, they may be able to execute arbitrary code on a vulnerable system.
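The bug class named above, shown as an added example: this is not simpleproxy's code, and the advisory does not identify the affected routine. The helper names and the sample request line are hypothetical; the flawed helper passes peer-supplied text as the format argument, the fixed helper passes it as data.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample request line (not taken from the advisory). "%%" is the
   one conversion that consumes no argument, so the interpretation of the
   input as a format can be observed without undefined behaviour. */
static const char SAMPLE_REQUEST[] = "GET http://host.example/a%%b HTTP/1.0";

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* Flawed pattern (hypothetical helper): the request line received from the
   peer is used as the format string itself. */
int log_request_flawed(char *out, size_t outlen, const char *request_line)
{
    return snprintf(out, outlen, request_line);
}
#pragma GCC diagnostic pop

/* Corrected pattern: the format is a constant and the request line is only
   ever an argument, so any '%' in it is copied through unchanged. */
int log_request_fixed(char *out, size_t outlen, const char *request_line)
{
    return snprintf(out, outlen, "%s", request_line);
}

/* Returns 1 if the logger changed the text, meaning the formatter
   interpreted the request line instead of copying it. */
int request_was_interpreted(int (*logger)(char *, size_t, const char *),
                            const char *request_line)
{
    char out[256];
    logger(out, sizeof out, request_line);
    return strcmp(out, request_line) != 0;
}

int main(void)
{
    printf("flawed helper interpreted input: %d\n",
           request_was_interpreted(log_request_flawed, SAMPLE_REQUEST));
    printf("fixed helper interpreted input:  %d\n",
           request_was_interpreted(log_request_fixed, SAMPLE_REQUEST));
    return 0;
}
```

Building with `-Wformat -Wformat-security` flags calls of the first kind at compile time, which is why the example disables those warnings around the flawed helper.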

Impact

A remote attacker may be able to execute arbitrary code with the privileges of the simpleproxy process.

Solution

Upgrade

Upgrading to simpleproxy version 3.4 corrects this problem.

Systems Affected

Vendor                                          Status        Date Notified  Date Updated
Debian Linux                                    Affected      02 Sep 2005    02 Sep 2005
simpleproxy                                     Affected      -              01 Sep 2005
Apple Computer, Inc.                            Not Affected  02 Sep 2005    10 Oct 2005
OpenWall Linux                                  Not Affected  02 Sep 2005    06 Sep 2005
Sun Microsystems, Inc.                          Not Affected  02 Sep 2005    06 Sep 2005
Conectiva Inc.                                  Unknown       02 Sep 2005    02 Sep 2005
Cray, Inc.                                      Unknown       02 Sep 2005    02 Sep 2005
EMC, Inc. (formerly Data General Corporation)   Unknown       02 Sep 2005    02 Sep 2005
Engarde Secure Linux                            Unknown       02 Sep 2005    02 Sep 2005
F5 Networks, Inc.                               Unknown       02 Sep 2005    02 Sep 2005
FreeBSD, Inc.                                   Unknown       02 Sep 2005    02 Sep 2005
Fujitsu Limited                                 Unknown       02 Sep 2005    02 Sep 2005
Hewlett-Packard Company                         Unknown       02 Sep 2005    02 Sep 2005
Hitachi Internetworking                         Unknown       02 Sep 2005    02 Sep 2005
IBM Corporation                                 Unknown       02 Sep 2005    02 Sep 2005

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A

Credit

This vulnerability was reported by Ulf Harnhammar.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CAN-2005-1857
  • Date Public: 26 Aug 2005
  • Date First Published: 02 Sep 2005
  • Date Last Updated: 10 Oct 2005
  • Severity Metric: 5.84
  • Document Revision: 19
