
[NT] BlueCoat WinProxy Multiple DoS and Buffer Overflow

Subject: [NT] BlueCoat WinProxy Multiple DoS and Buffer Overflow
Date: 8 Jan 2006 13:54:52 +0200
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com



  BlueCoat WinProxy Multiple DoS and Buffer Overflow
------------------------------------------------------------------------


SUMMARY

 <http://www.winproxy.com/> BlueCoat WinProxy is "an Internet sharing 
proxy server". Improper handling of long requests within BlueCoat WinProxy 
allows attackers to stop the program from answering legitimate requests 
and to execute arbitrary code.

DETAILS

Vulnerable Systems:
 * WinProxy version 6.0 and prior

Immune Systems:
 * WinProxy version 6.1a

HTTP Remote DoS:
The vulnerability specifically exists due to improper handling of a long 
HTTP request that is approximately 32,768 bytes long. When such a request 
occurs, the process will crash while attempting to read past the end of a 
memory region.

Successful exploitation requires an attacker to send a specially 
constructed HTTP request to the WinProxy server on TCP port 80. This will 
lead to a crash of the server and it will be unusable until it is 
restarted.

This vulnerability may only be utilized by attackers who have access to 
the network segment that contains the listening daemon, which in some 
cases is a private local area network. Remote exploitation of a design 
error in Blue Coat WinProxy allows attackers to cause a DoS condition.

Host Header Buffer Overflow:
The vulnerability can be triggered by sending an overly long Host string 
to the web proxy service.
Remote exploitation of a buffer overflow vulnerability in Blue Coat 
WinProxy allows remote execution of arbitrary code by attackers.

Exploitation of this vulnerability is trivial. An overly long header 
directly overwrites the SEH handler for the frame allowing for control 
over EIP.

Telnet DoS:
The vulnerability can be triggered by sending a large string of 0xFF 
characters to the telnet proxy port of the server. Sending such a string 
will cause a heap corruption in the Winproxy process causing it to crash.

Successful exploitation requires an attacker to send a stream of TCP 
packets containing the 0xFF character to the WinProxy telnet server on TCP 
port 23. This will lead to a crash of the server and it will be unusable 
until it is restarted.

In lab tests, the heap corruption caused by this exploit led to crashes in 
random locations in the process. Remote code execution is possible, but it 
would likely be very hard to control and to maintain reliable code 
execution.

Remote exploitation of a design error in Blue Coat WinProxy allows 
attackers to cause a denial of service (DoS) condition.
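The three conditions described above (a request of roughly 32,768 bytes, an overly long Host header, and a stream of 0xFF bytes on the telnet port) can all be checked for at a network boundary or in a log-replay tool. The following is an added example for defenders, not code from the advisory, iDEFENSE or Blue Coat; the thresholds, function names and sample inputs are assumptions constructed for illustration.

```python
import re

# Thresholds are assumptions for illustration, derived from the advisory's
# description (a ~32,768-byte request, an "overly long" Host header, a run
# of 0xFF bytes); they are not values taken from WinProxy or the advisory.
MAX_REQUEST_BYTES = 16384     # well below the ~32 KiB size that crashes the proxy
MAX_HOST_HEADER_BYTES = 255   # DNS names are at most 253 characters
MAX_IAC_RUN = 16              # telnet IAC (0xFF) normally appears one at a time

def check_http_request(raw: bytes) -> list[str]:
    """Return a list of findings for one raw HTTP request (empty if clean)."""
    findings = []
    if len(raw) >= MAX_REQUEST_BYTES:
        findings.append(f"request too long ({len(raw)} bytes)")
    head, _, _ = raw.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host_len = len(value.strip())
            if host_len > MAX_HOST_HEADER_BYTES:
                findings.append(f"Host header too long ({host_len} bytes)")
    return findings

def check_telnet_stream(data: bytes) -> list[str]:
    """Flag an unusually long run of 0xFF (telnet IAC) bytes in a telnet stream."""
    longest = max((len(m.group(0)) for m in re.finditer(rb"\xff+", data)), default=0)
    if longest > MAX_IAC_RUN:
        return [f"run of {longest} consecutive 0xFF bytes"]
    return []

# Constructed sample inputs (not captured traffic)
NORMAL_REQUEST = b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
LONG_HOST_REQUEST = b"GET / HTTP/1.1\r\nHost: " + b"A" * 2000 + b"\r\n\r\n"
OVERSIZED_REQUEST = b"GET /" + b"A" * 32768 + b" HTTP/1.1\r\nHost: x\r\n\r\n"
NORMAL_TELNET = b"\xff\xfb\x01\xff\xfd\x03hello\r\n"   # IAC WILL ECHO, IAC DO SGA
IAC_FLOOD = b"\xff" * 4096

if __name__ == "__main__":
    for label, req in [("normal", NORMAL_REQUEST),
                       ("long-host", LONG_HOST_REQUEST),
                       ("oversized", OVERSIZED_REQUEST)]:
        print(label, check_http_request(req))
    print("telnet", check_telnet_stream(NORMAL_TELNET), check_telnet_stream(IAC_FLOOD))
```

Legitimate telnet negotiation sends 0xFF followed by a command byte, so a single 0xFF is expected while a long uninterrupted run is not.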

CVE Information:
 * CAN-2005-3654 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3654>
 * CAN-2005-4085 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-4085>
 * CAN-2005-3187 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3187>

Disclosure Timeline:
12/07/2005 Initial vendor notification about buffer overflow
12/08/2005 Initial vendor response about buffer overflow
11/15/2005 Initial vendor notification about Telnet DoS
11/15/2005 Initial vendor response about Telnet DoS
10/12/2005 Initial vendor notification about HTTP Remote DoS
10/12/2005 Initial vendor response about HTTP Remote DoS
01/05/2006 Coordinated public disclosure


ADDITIONAL INFORMATION

The information has been provided by iDEFENSE Labs 
<mailto:idlabs-advisories@lists.idefense.com>.
The original articles can be found at:
 * <http://www.idefense.com/intelligence/vulnerabilities/display.php?id=363>
 * <http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364>
 * <http://www.idefense.com/intelligence/vulnerabilities/display.php?id=365>


