analogx-4.10.dos.txt

` Network Security Solutions Inc. Security Advisory   
( Philippine based Security Company )   
Http://www.Nssolution.net   
Http://connect.to/nssi  
  
]** AnalogX Proxy Server DoS/Buffer Overflow Vulnerabilty **[  
  
Author: Abraham Lincoln H.  
Handle: zer0logic  
  
Email : [email protected], [email protected]  
[email protected], [email protected]  
  
Date Discovered: November 15, 2000  
Vendor: AnalogX.Com  
Version Affected: AnalogX Proxy Server release 4.10  
for Win 95 / 98 / NT / Win2k  
Local : Yes  
Remote: Yes  
Risk: High  
  
Problem Description:  
  
NSSI Team has discovered a Local/Remote Buffer Overflow/DoS  
Vulnerabiltiy on AnalogX Proxy Server that could allow a Malicious  
Attacker to disable the whole proxy server by just attacking a single  
analogX proxy service.  
  
Vulnerable Proxy Services; FTP, POP3, SMTP and Proxy Logger  
  
The Problem lies when FTP Service is ON and Logging is enabled or  
disabled, or SMTP Service is ON and Logging is enabled or disabled, POP3  
Service is ON and logging is enabled. When the Attacker Sends a Multiple  
Abnormal Strings to a certain affected service it causes the whole Proxy to Shutd0wn.  
the proxy needs to re-start again to perform normal operation.  
  
OUTPUT Error Message when Logging is Disabled:  
  
FTP Service error msg.:  
ABORT: Memory corrupt before (10241)  
(PROTO\ftp.c\523)  
  
SMTP Service error msg.:  
ABORT: Memory corrupt before (10241)  
(PROTO\smtp.c\379)  
  
OUTPUT Error message when Logging is Enabled:  
  
FTP Service error msg.:   
ABORT: Last String too large for Buffer (1509 > 1024)   
(log.c/114)  
  
POP3 Service error msg.:   
ABORT: Last String too large for Buffer (1509 > 1024)   
(log.c/114)   
  
SMTP Service error msg.:   
ABORT: Last String too large for Buffer (10301 > 1024)   
(log.c/114)  
  
NOT Affected Services:   
HTTP Proxy: 6588  
Socks Proxy: 1080   
NNTP: 119  
  
Work Around:   
Disable FTP Proxy service  
Disable SMTP Proxy service   
Disable POP3 Proxy service if Logging is enabled  
  
Vendor Status: AnalogX has been notified of this Vulnerability but no patch has been issued.  
  
Related Links: Http://www.nssolution.net   
Http://connect.to/nssi  
  
Feedback and Inquiries:  
If you have any questions, inquiries, feedback, concerns and  
updates pls don't hesitate to email us.  
  
For Inquiries,Concerns and updates - [email protected]   
  
for Comments and Questions - [email protected], [email protected]  
[email protected]  
  
Disclaimer:   
This paper is intended for informational purpose only. We are not  
responsible for the the Use and/or potential effects of these advisories.   
Read this at your own risk or not at all.  
  
Copyright(c) 2000-2001 Network Security Solutions Inc.  
Permission is herby granted for the redistribution of this alert  
electronically. if you wish to reprint or modify this document Contact us  
1st or email us at: [email protected]   
`