tinyProxy Long Connect Request Overflow

2001-01-17T00:00:00
ID OSVDB:493
Type osvdb
Reporter OSVDB
Modified 2001-01-17T00:00:00

Description

Vulnerability Description

This host is running the 'tinyProxy' server. This proxy server is vulnerable to a heap overflow attack. By issuing a malformed request and attacker can cause a denial of service attack or possibly execute code on this host. An attacker can use this to disable the proxy server and deny legitimate users access.

Technical Description

connect AAA[...]AAAA://

Solution Description

The vendor has released a patch that fixes this issue. Please upgrade to that latest version of tinyProxy available from http://tinyproxy.sourceforge.net/.

Short Description

This host is running the 'tinyProxy' server. This proxy server is vulnerable to a heap overflow attack. By issuing a malformed request and attacker can cause a denial of service attack or possibly execute code on this host. An attacker can use this to disable the proxy server and deny legitimate users access.

References:

ISS X-Force ID: 5954 CVE-2001-0129 Bugtraq ID: 2217