FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

proxytunnel -- format string vulnerability

Affected packages
proxytunnel < 1.2.3

Details

VuXML ID 50744596-368f-11d9-a9e7-0001020eed82
Discovery 2004-11-01
Entry 2004-11-15

A Gentoo Linux Security Advisory reports:

Florian Schilhabel of the Gentoo Linux Security Audit project found a format string vulnerability in Proxytunnel. When the program is started in daemon mode (-a [port]), it improperly logs invalid proxy answers to syslog.

A malicious remote server could send specially-crafted invalid answers to exploit the format string vulnerability, potentially allowing the execution of arbitrary code on the tunnelling host with the rights of the Proxytunnel process.

[source]

References

CVE Name CVE-2004-0992
URL http://proxytunnel.sourceforge.net/news.html
URL http://www.gentoo.org/security/en/glsa/glsa-200411-07.xml

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.