3proxy 0.5.3j released (bugfix)

Type securityvulns
Reporter Securityvulns
Modified 2007-10-23T00:00:00


3proxy ( http://3proxy.ru/ ) is multi-platform (Windows, Linux, Unix) multi-protocol proxy server with abilities to mange traffic flows and bandwidths, convert requests between different proxy types, authenticate, authorize, control, limit and account users access and more.

3proxy 0.5.3j version was released, to address double free() vulnerability in FTP proxy module (ftppr) reported by Venustech AD-LAB (CVE-2007-5622). Vulnerable 3proxy versions are 0.5 - 0.5.3i. Current branch (0.6) is not affected.

3proxy 0.5.3j can be downloaded from http://3proxy.ru/download/

Because of programming error resulting in double free() vulnerability during the handling of "OPEN" FTP proxy request, it may be possible to crash 3proxy service by repeating this request. Reliable code execution doesn't seem possible.

FTP proxy is special non-standard (no RFC specification) type of proxy server with extended RFC 959 command set, compatible with only few graphical FTP clients. It's not compatible with browsers, because browsers use different, FTP over HTTP proxy. FTP proxy is not commonly used.

Vulnerability requires 'ftppr' service to be manually enabled in 3proxy configuration file or special 'ftppr' application executed. No over services (SOCKS, HTTP including FTP over HTTP proxy, POP3, TCP and UDP portmapping, etc) are affected.

Vulnerability is of pre-authentication type, but, because FTP proxy in 3proxy 0.5x branch doesn't support reverse proxing, it should never be accessible from Internet. Web scenario with exploitation through the legitimate client is also impossible. Under typical configuration, the scope of this vulnerability is limited to local network.