Vulnerabilities > CVE-2001-0129 - Unspecified vulnerability in Tinyproxy 1.3.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | tinyproxy tinyproxy 1.3.2/1.3.3 Heap Overflow Vulnerability. CVE-2001-0129 . Remote exploit for windows platform |
id | EDB-ID:20559 |
last seen | 2016-02-02 |
modified | 2001-01-17 |
published | 2001-01-17 |
reporter | CyRaX |
source | https://www.exploit-db.com/download/20559/ |
title | tinyproxy tinyproxy 1.3.2/1.3.3 Heap Overflow Vulnerability |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-018.NASL description PkC have found a heap overflow in tinyproxy that could be remotely exploited. An attacker could gain a shell (user nobody) remotely. last seen 2020-06-01 modified 2020-06-02 plugin id 14855 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14855 title Debian DSA-018-1 : tinyproxy - remote nobody exploit code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-018. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(14855); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:16"); script_cve_id("CVE-2001-0129"); script_bugtraq_id(2217); script_xref(name:"DSA", value:"018"); script_name(english:"Debian DSA-018-1 : tinyproxy - remote nobody exploit"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "PkC have found a heap overflow in tinyproxy that could be remotely exploited. An attacker could gain a shell (user nobody) remotely." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2001/dsa-018" ); script_set_attribute( attribute:"solution", value:"Upgrade the tinyproxy package immediately." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tinyproxy"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"patch_publication_date", value:"2001/01/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"tinyproxy", reference:"1.3.1-2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Firewalls NASL id TINY_PROXY_HEAP_OVERFLOW.NASL description It was possible to make the remote service crash by sending it the command : connect AAA[...]AAAA:// It may be possible for an attacker to execute arbitrary code on this host thanks to this flaw. last seen 2020-06-01 modified 2020-06-02 plugin id 10596 published 2001-01-19 reporter This script is Copyright (C) 2001-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10596 title tinyProxy Long Connect Request Overflow code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(10596); script_version ("1.26"); script_cve_id("CVE-2001-0129"); script_bugtraq_id(2217); script_name(english:"tinyProxy Long Connect Request Overflow"); script_set_attribute(attribute:"synopsis", value: "The remote proxy server is affected by a denial of service vulnerability." ); script_set_attribute(attribute:"description", value: "It was possible to make the remote service crash by sending it the command : connect AAA[...]AAAA:// It may be possible for an attacker to execute arbitrary code on this host thanks to this flaw." ); script_set_attribute(attribute:"solution", value: "If you are using tinyProxy, then upgrade to version 1.3.3a, or else contact your vendor for a patch." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2001/01/19"); script_set_attribute(attribute:"vuln_publication_date", value: "2001/01/17"); script_cvs_date("Date: 2018/08/01 17:36:12"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_summary(english:"proxy server heap overflow"); script_category(ACT_DESTRUCTIVE_ATTACK); script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc."); script_family(english:"Firewalls"); script_dependencie("http_version.nasl"); script_require_ports("Services/www", "Services/http_proxy", 8888); exit(0); } # # The script code starts here # include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); ports = add_port_in_list(list:get_kb_list("Services/http_proxy"), port:8888); www = get_kb_list("Services/www"); if(!isnull(www))ports = make_list(ports, www); foreach port (ports) { banner = get_http_banner(port:port); if ( banner && "DAAP-Server: iTunes" >< banner ) continue; if (! get_port_state(port)) continue; if (service_is_dead(port: port) != 0) continue; req = strcat('connect ', crap(2048), '://\r\n\r\n'); r = http_send_recv_buf(port: port, data: req); if (service_is_dead(port:port, exit: 0) > 0) security_warning(port); }