Reported May 26, 2003, by
K.K. Mookhey.
VERSIONS
AFFECTED
·
AnalogX 4.13
and earlier
DESCRIPTION
A vulnerability
in AnalogX Proxy 4.13 and earlier can result in the execution of arbitrary code
on the vulnerable system. This vulnerability stems from a buffer-overflow
condition. If a malicious user connects to the vulnerable host on TCP Port 6588
and supplies a URL of greater than 340 characters, a buffer overrun is triggered
on the vulnerable system. By supplying a specially crafted URL, an attacker can
execute arbitrary code on the vulnerable system.
VENDOR
RESPONSE
AnalogX has released version
4.14, which isn't vulnerable to this condition.
CREDIT
Discovered by
K. K. Mookhey.