Vulnerabilities > CVE-2004-2416 - Remote Buffer Overflow vulnerability in Youngzsoft Ccproxy 6.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
youngzsoft
nessus
exploit available
metasploit

Summary

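Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request. The references below also list, under the same CVE identifier, an overflow in the Telnet proxy service's 'ping' command, so the HTTP and Telnet entries describe different triggers.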

Vulnerable Configurations

Part Description Count
Application
Youngzsoft
1

Exploit-Db

  • description: CCProxy. CVE-2004-2416. Remote exploit for the Windows platform
    id: EDB-ID:16689
    last seen: 2016-02-02
    modified: 2010-04-30
    published: 2010-04-30
    reporter: metasploit
    source: https://www.exploit-db.com/download/16689/
    title: CCProxy <= 6.2 - Telnet Proxy Ping Overflow
  • description: CCProxy Log Remote Stack Overflow Exploit. CVE-2004-2416. Remote exploit for the Windows platform
    id: EDB-ID:619
    last seen: 2016-01-31
    modified: 2004-11-09
    published: 2004-11-09
    reporter: Ruder
    source: https://www.exploit-db.com/download/619/
    title: CCProxy Log Remote Stack Overflow Exploit

Metasploit

description: This module exploits the YoungZSoft CCProxy <= v6.2 suite Telnet service. The stack is overwritten when sending an overly long address to the 'ping' command.
id: MSF:EXPLOIT/WINDOWS/PROXY/CCPROXY_TELNET_PING
last seen: 2020-06-01
modified: 2017-11-08
published: 2007-09-09
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2416
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/proxy/ccproxy_telnet_ping.rb
title: CCProxy Telnet Proxy Ping Overflow

Nessus

NASL family: Web Servers
NASL id: CCPROXY_OVERFLOW.NASL
description: The version of CCProxy running on the remote host has a buffer overflow vulnerability. This issue is triggered by sending a long HTTP GET request. A remote attacker could exploit this issue to crash the service, or potentially execute arbitrary code.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15774
published: 2004-11-20
reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15774
title: CCProxy Logging Compoent HTTP GET Request Remote Overflow
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


# Plugin registration. This branch runs only when the scanner loads the
# script with `description` set: it declares identifiers, references,
# report text and scheduling requirements, then exits without touching
# the target.
if (description)
{
  # --- Identity and cross-references -------------------------------------
  script_id(15774);
  script_version("1.15");
  script_cve_id("CVE-2004-2416");
  script_bugtraq_id(11666);
  script_xref(name:"EDB-ID", value:"619");
  script_xref(name:"Secunia", value:"13085");

  # --- Text shown in the report -------------------------------------------
  script_name(english:"CCProxy Logging Compoent HTTP GET Request Remote Overflow");
  script_summary(english:"Does a version check");

  script_set_attribute(attribute:"synopsis", value:"The remote proxy has a buffer overflow vulnerability.");
  # The line breaks inside this string are part of the attribute value.
  script_set_attribute(attribute:"description", value:"The version of CCProxy running on the remote host has a buffer
overflow vulnerability.  This issue is triggered by sending a long
HTTP GET request.  A remote attacker could exploit this issue to
crash the service, or potentially execute arbitrary code." );
  script_set_attribute(attribute:"see_also", value:"https://exchange.xforce.ibmcloud.com/vulnerabilities/18012");
  script_set_attribute(attribute:"see_also", value:"http://www.securiteam.com/exploits/6E0032KBPM.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to CCProxy version 6.3 or later.");

  # --- Risk scoring and exploit-availability flags ------------------------
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  # The framework module named here is the Telnet proxy 'ping' overflow,
  # while the plugin name and description refer to the HTTP GET logging
  # overflow; both are filed under the CVE id declared above.
  script_set_attribute(attribute:"metasploit_name", value:'CCProxy Telnet Proxy Ping Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  # --- Dates and plugin type -----------------------------------------------
  script_set_attribute(attribute:"plugin_publication_date", value: "2004/11/20");
  script_set_attribute(attribute:"vuln_publication_date", value: "2004/11/05");
  script_cvs_date("Date: 2018/06/27 18:42:26");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # --- Scheduling -----------------------------------------------------------
  # Information-gathering category: per the summary, this is a version check.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");
  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");

  # The check depends on service discovery having recorded a CCProxy SMTP
  # port; the HTTP proxy port itself is not listed as a requirement.
  script_dependencie("find_service2.nasl");
  script_require_ports("Services/ccproxy-smtp");

  exit(0);
}

#
# The script code starts here
#
include("smtp_func.inc");
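# Detection logic: a banner-based version check.
#
# The script does not send the long HTTP GET request mentioned in the
# plugin description. It reads the greeting of the CCProxy SMTP proxy
# service and reports the host when the advertised version is below the
# fixed release named in the solution text (6.3).
#
# Consequences for whoever reads the scan result:
#   - no finding is produced when no CCProxy SMTP service was recorded in
#     the knowledge base (service disabled, filtered, or not identified),
#     even if the HTTP proxy is reachable;
#   - the result depends entirely on the banner text, so a modified or
#     suppressed banner yields no finding;
#   - a finding proves the advertised version, not that the overflow was
#     triggered.
port = get_kb_item("Services/ccproxy-smtp");
if ( ! port ) exit(0);

banner = get_smtp_banner ( port:port);
# Nothing to compare when the greeting could not be read.
if ( ! banner ) exit(0);

# Flag versions 0.x-5.x and 6.0-6.2.
# The 0-5 branch has to consume the digits after the dot: with a bare
# "[0-5]\." the dot must be followed directly by " SMTP Service Ready",
# so a banner such as "CCProxy 5.0 SMTP Service Ready" (constructed
# example) would not be reported.
# NOTE(review): the 6.x branch matches a single minor digit only; confirm
# whether builds with a longer minor (e.g. a constructed "6.21") exist and
# should be covered.
if ( egrep(pattern:"CCProxy ([0-5]\.[0-9]*|6\.[0-2]) SMTP Service Ready", string:banner) )
	security_hole ( port );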

Packetstorm