A format string vulnerability in the simpleproxy TCP proxy may allow a remote attacker to execute arbitrary code on a vulnerable system.
simpleproxy, a basic open source TCP proxy, contains a format string vulnerability in an unspecified HTTP proxy request handling routine. If a remote attacker sends simpleproxy a specially crafted HTTP request, they may be able to execute arbitrary code on a vulnerable system.
A remote attacker may be able to execute arbitrary code with the privileges of the simpleproxy process.
Upgrading to simpleproxy version 3.4 corrects this problem.
This vulnerability was reported by Ulf Harnhammar.
This document was written by Jeff Gennari.
|Date First Published:||2005-09-02|
|Date Last Updated:||2005-10-10 17:31 UTC|