Vulnerability Note VU#139421
simpleproxy format string vulnerability
Overview
A format string vulnerability in the simpleproxy TCP proxy may allow a remote attacker to execute arbitrary code on a vulnerable system.
I. Description
simpleproxy, a basic open source TCP proxy, contains a format string vulnerability in an unspecified HTTP proxy request handling routine. If a remote attacker sends simpleproxy a specially crafted HTTP request, they may be able to execute arbitrary code on a vulnerable system.
II. Impact
A remote attacker may be able to execute arbitrary code with the privileges of the simpleproxy process.
III. Solution
Upgrade
Upgrading to simpleproxy version 3.4 corrects this problem.
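The bug class named in the Description, shown as an added example that is not simpleproxy's code (the affected routine is unspecified in this note): a hypothetical logging helper `log_fmt`, the vulnerable call pattern beside its hardened form, and a constructed request line. Building with `-DSHOW_VULNERABLE -Wformat-security` on GCC or Clang makes the compiler flag the vulnerable call.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging helper (assumption, not simpleproxy's code).
 * The format attribute makes GCC/Clang check each caller's format
 * string against the arguments it passes. */
__attribute__((format(printf, 3, 4)))
static int log_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);   /* always NUL-terminates if n > 0 */
    va_end(ap);
    return len;                             /* length the full text would need */
}

#ifdef SHOW_VULNERABLE
/* Bug pattern: peer-controlled text is used AS the format string, so any
 * conversion directives inside it are interpreted by vsnprintf. */
static int log_request_vulnerable(char *out, size_t n, const char *peer_line)
{
    return log_fmt(out, n, peer_line);
}
#endif

/* Hardened form: constant format string, peer text passed only as data. */
static int log_request_safe(char *out, size_t n, const char *peer_line)
{
    return log_fmt(out, n, "%s", peer_line);
}

int main(void)
{
    /* Constructed sample input containing conversion directives. */
    const char *line = "CONNECT host%s%x:443 HTTP/1.0";
    char buf[128];

    log_request_safe(buf, sizeof buf, line);
    puts(buf);   /* directives come out verbatim, never interpreted */
    return 0;
}
```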
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
| Apple Computer, Inc. | Not Vulnerable | 10-Oct-2005 |
| Conectiva Inc. | Unknown | 2-Sep-2005 |
| Cray, Inc. | Unknown | 2-Sep-2005 |
| Debian Linux | Vulnerable | 2-Sep-2005 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 2-Sep-2005 |
| Engarde Secure Linux | Unknown | 2-Sep-2005 |
| F5 Networks, Inc. | Unknown | 2-Sep-2005 |
| FreeBSD, Inc. | Unknown | 2-Sep-2005 |
| Fujitsu Limited | Unknown | 2-Sep-2005 |
| Hewlett-Packard Company | Unknown | 2-Sep-2005 |
| Hitachi Internetworking | Unknown | 2-Sep-2005 |
| IBM Corporation | Unknown | 2-Sep-2005 |
| IBM Corporation (zseries) | Unknown | 2-Sep-2005 |
| IBM eServer | Unknown | 2-Sep-2005 |
| Immunix Communications, Inc. | Unknown | 2-Sep-2005 |
| Ingrian, Inc. | Unknown | 2-Sep-2005 |
| Juniper Networks, Inc. | Unknown | 2-Sep-2005 |
| Mandriva, Inc. | Unknown | 2-Sep-2005 |
| Microsoft Corporation | Unknown | 2-Sep-2005 |
| MontaVista Software | Unknown | 2-Sep-2005 |
| NEC | Unknown | 2-Sep-2005 |
| NetBSD | Unknown | 2-Sep-2005 |
| Novell | Unknown | 2-Sep-2005 |
| OpenBSD | Unknown | 2-Sep-2005 |
| OpenWall Linux | Not Vulnerable | 6-Sep-2005 |
| QNX, Software Systems, Inc. | Unknown | 2-Sep-2005 |
| Red Hat Software, Inc. | Unknown | 2-Sep-2005 |
| Sequent Computer Systems, Inc. | Unknown | 2-Sep-2005 |
| Silicon Graphics, Inc. | Unknown | 2-Sep-2005 |
| simpleproxy | Vulnerable | 1-Sep-2005 |
| Sony Corporation | Unknown | 2-Sep-2005 |
| Sun Microsystems, Inc. | Not Vulnerable | 6-Sep-2005 |
| SuSe | Unknown | 2-Sep-2005 |
| The SCO Group (SCO Linux) | Unknown | 2-Sep-2005 |
| The SCO Group (SCO UnixWare) | Unknown | 2-Sep-2005 |
| Turbolinux | Unknown | 2-Sep-2005 |
| UNISYS | Unknown | 2-Sep-2005 |
| Wind River Systems | Unknown | 2-Sep-2005 |
References
http://secunia.com/advisories/16567/
http://www.us.debian.org/security/2005/dsa-786
http://sourceforge.net/projects/simpleproxy
Credit
This vulnerability was reported by Ulf Harnhammar.
This document was written by Jeff Gennari.
Other Information
| Date Public: | 2005-08-26 |
| Date First Published: | 2005-09-02 |
| Date Last Updated: | 2005-10-10 |
| CERT Advisory: | |
| CVE-ID(s): | CAN-2005-1857 |
| NVD-ID(s): | CAN-2005-1857 |
| US-CERT Technical Alerts: | |
| Metric: | 5.84 |
| Document Revision: | 19 |
If you have feedback, comments, or additional information about this vulnerability, please send us email.