A format string vulnerability in the simpleproxy TCP proxy may allow a remote attacker to execute arbitrary code on a vulnerable system.
simpleproxy, a basic open source TCP proxy, contains a format string vulnerability in an unspecified HTTP proxy request handling routine. If a remote attacker sends simpleproxy a specially crafted HTTP request, they may be able to execute arbitrary code on a vulnerable system.
A remote attacker may be able to execute arbitrary code with the privileges of the simpleproxy process.
Upgrading to simpleproxy version 3.4 corrects this problem.
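The bug class described above, next to the corrected pattern, as an added example that is not simpleproxy's code and not part of the original note. The affected routine is unspecified, so the logging wrapper, function names and request line here are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging wrapper (assumption, not simpleproxy's code).
 * Without __attribute__((format(printf, 3, 4))) the compiler cannot
 * check callers, so -Wformat-security does not flag the unsafe call. */
static int log_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* UNSAFE: the client-supplied request line is used as the format string,
 * so every '%' in it is parsed as a conversion specification. */
int log_request_unsafe(char *out, size_t n, const char *request_line)
{
    return log_fmt(out, n, request_line);
}

/* SAFE: fixed format string; the request line is only ever an argument. */
int log_request_safe(char *out, size_t n, const char *request_line)
{
    return log_fmt(out, n, "%s", request_line);
}

/* Defensive check: returns 1 if the logged text differs from the input,
 * meaning the logging path interpreted the data as a format string. */
int log_path_interprets_input(int (*logger)(char *, size_t, const char *))
{
    /* Constructed probe. "%%" consumes no argument, so even the unsafe
     * path has defined behaviour: it collapses "%%" to "%". */
    const char *probe = "GET http://example.test/a%%b HTTP/1.0";
    char out[128];
    logger(out, sizeof out, probe);
    return strcmp(out, probe) != 0;
}

int main(void)
{
    printf("unsafe interprets input: %d\n", log_path_interprets_input(log_request_unsafe));
    printf("safe interprets input:   %d\n", log_path_interprets_input(log_request_safe));
    return 0;
}
```

A check of this shape fits in a regression test for any code path that logs or echoes request data.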
| Vendor | Status |
|---|---|
| Debian Linux | Affected |
| Apple Computer, Inc. | Not Affected |
| OpenWall Linux | Not Affected |
| Sun Microsystems, Inc. | Not Affected |
| Conectiva Inc. | Unknown |
| Cray, Inc. | Unknown |
| Engarde Secure Linux | Unknown |
| F5 Networks, Inc. | Unknown |
| FreeBSD, Inc. | Unknown |
| Fujitsu Limited | Unknown |
| Hewlett-Packard Company | Unknown |
| Hitachi Internetworking | Unknown |
| IBM Corporation | Unknown |
| IBM Corporation (zseries) | Unknown |
| IBM eServer | Unknown |
| Immunix Communications, Inc. | Unknown |
| Ingrian, Inc. | Unknown |
| Juniper Networks, Inc. | Unknown |
| Mandriva, Inc. | Unknown |
| Microsoft Corporation | Unknown |
| MontaVista Software | Unknown |
| QNX, Software Systems, Inc. | Unknown |
| Red Hat Software, Inc. | Unknown |
| Sequent Computer Systems, Inc. | Unknown |
| Silicon Graphics, Inc. | Unknown |
| Sony Corporation | Unknown |
| The SCO Group (SCO Linux) | Unknown |
| The SCO Group (SCO UnixWare) | Unknown |
| Wind River Systems | Unknown |
This vulnerability was reported by Ulf Harnhammar.
This document was written by Jeff Gennari.
Date First Published: 2005-09-02
Date Last Updated: 2005-10-10 17:31 UTC