|
Vulnerability AnalogX Affected AnalogX Proxy Server release 4.10 Description Following is based on a Network Security Solutions Security Advisory. NSSI Team has discovered a Local/Remote Buffer Overflow/DoS Vulnerabiltiy on AnalogX Proxy Server that could allow a Malicious Attacker to disable the whole proxy server by just attacking a single analogX proxy service. Vulnerable Proxy Services are FTP, POP3, SMTP and Proxy Logger. The Problem lies when FTP Service is ON and Logging is enabled or disabled, or SMTP Service is ON and Logging is enabled or disabled, POP3 Service is ON and logging is enabled. When the Attacker Sends a Multiple Abnormal Strings to a certain affected service it causes the whole Proxy to Shutdown. The proxy needs to re-start again to perform normal operation. OUTPUT Error Message when Logging is Disabled: FTP Service error msg.: ABORT: Memory corrupt before (10241) (PROTO\ftp.c\523) SMTP Service error msg.: ABORT: Memory corrupt before (10241) (PROTO\smtp.c\379) OUTPUT Error message when Logging is Enabled: FTP Service error msg.: ABORT: Last String too large for Buffer (1509 > 1024) (log.c/114) POP3 Service error msg.: ABORT: Last String too large for Buffer (1509 > 1024) (log.c/114) SMTP Service error msg.: ABORT: Last String too large for Buffer (10301 > 1024) (log.c/114) NOT Affected Services: HTTP Proxy: 6588 Socks Proxy: 1080 NNTP: 119 Solution - Disable FTP Proxy service - Disable SMTP Proxy service - Disable POP3 Proxy service if Logging is enabled AnalogX has been notified of this Vulnerability but no patch has been issued.