Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18254
HistoryOct 23, 2007 - 12:00 a.m.

3proxy double free vulnerability

2007-10-2300:00:00
vulners.com
19
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

3proxy double free vulnerability
[Security Advisory]

Advisory: [AD_LAB-07006] 3proxy double free vulnerability
Class: Design Error
DATE:10/22/2007
CVEID:CVE-2007-5622
Vulnerable:
3proxy <=0.5.3i
Vendor:
http://www.3proxy.ru/

I.Synopsis

A vulnerability has been discovered in 3proxy.

II.DETAILS:

Background

3proxy is a multi-protocol proxy, including HTTP/HTTPS/FTP and SOCKS
support.

Description

    There is a double free vulnerability in function ftpprchild&#40;&#41;.


if (!strncasecmp((char *)buf, "OPEN ", 5)){
if(param->hostname) myfree(param->hostname); <–first free
if(parsehostname((char *)buf+5, param, 21)){RETURN(803);}

the parsehostname will free param->hostname again.
int parsehostname(char *hostname, struct clientparam *param, unsigned
short port){
char *sp;

            if&#40;!hostname || !*hostname&#41;return 1;
            if &#40; &#40;sp = strchr&#40;hostname, &#39;:&#39;&#41;&#41; &#41; *sp = 0;
            if&#40;param-&gt;hostname&#41; myfree&#40;param-&gt;hostname&#41;; &lt;-- double free

Impact
A remote attacker can cause instability and potentially crash a service by
issuing "OPEN" command for FTP proxy more than once.

Resolution

New version can be downloaded from

http://3proxy.ru/download/

III.CREDIT:

Venustech AD-LAB discovery this vuln. Thank to all Venustech AD-Lab

guys.

V.DISCLAIMS:

The information in this bulletin is provided "AS IS" without warranty of
any
kind. In no event shall we be liable for any damages whatsoever
including direct,
indirect, incidental, consequential, loss of business profits or special
damages.

Copyright 1996-2007 VENUSTECH. All Rights Reserved. Terms of use.

VENUSTECH Security Lab
VENUSTECH INFORMATION TECHNOLOGY CO.,LTD(http://www.venustech.com.cn)

Security
Trusted {Solution} Provider
Service
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHHhVrFVSdIDJXOo0RAsphAJ4zHLat+GcjOtwcz5C0gFA1Mc8zEQCdFG1g
pCTMq/tnk2Lkc+AGQq7gm0U=
=Zi/2
-----END PGP SIGNATURE-----

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Related

nessus 1
prion 1
cve 1
openvas 2
gentoo 1
securityvulns 2
seebug 1
nessus
nessus
GLSA-200711-13 : 3proxy: Denial of Service
2007-11-09 00:00:00
prion
prion
Double free
2007-10-29 21:46:00
cve
cve
CVE-2007-5622
2007-10-29 21:46:00
openvas
openvas
Gentoo Security Advisory GLSA 200711-13 (3proxy)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200711-13 (3proxy)
2008-09-24 00:00:00
gentoo
gentoo
3proxy: Denial of service
2007-11-08 00:00:00
securityvulns
securityvulns
3proxy double free&#40;&#41; security vulnerability
2007-10-23 00:00:00
3proxy 0.5.3j released &#40;bugfix&#41;
2007-10-23 00:00:00
seebug
seebug
3Proxy FTP代理模块OPEN命令双重释放漏洞
2007-10-26 00:00:00
JSON
Related for SECURITYVULNS:DOC:18254
nessus1prion1cve1openvas2gentoo1securityvulns2seebug1