CVE-2007-2031 - Buffer Overflow vulnerability in 3proxy HTTP Proxy Request

- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE

Summary
Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- description: 3proxy 0.5.3g proxy.c logurl() Remote Overflow Exploit (exec-shield). CVE-2007-2031. Remote exploit for linux platform
- id: EDB-ID:3829
- last seen: 2016-01-31
- modified: 2007-05-02
- published: 2007-05-02
- reporter: Xpl017Elz
- source: https://www.exploit-db.com/download/3829/
- title: 3proxy 0.5.3g proxy.c logurl Remote Overflow Exploit exec-shield

- description: 3proxy 0.5.3g proxy.c logurl() Remote Buffer Overflow Exploit (linux). CVE-2007-2031. Remote exploit for linux platform
- id: EDB-ID:3821
- last seen: 2016-01-31
- modified: 2007-04-30
- published: 2007-04-30
- reporter: vade79
- source: https://www.exploit-db.com/download/3821/
- title: 3proxy 0.5.3g proxy.c logurl Remote Buffer Overflow Exploit linux
Nessus
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200704-17.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200704-17 (3proxy: Buffer overflow) The 3proxy development team reported a buffer overflow in the logurl() function when processing overly long requests. Impact : A remote attacker could send a specially crafted transparent request to the proxy, resulting in the execution of arbitrary code with privileges of the user running 3proxy. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 25105
- published: 2007-04-30
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/25105
- title: GLSA-200704-17 : 3proxy: Buffer overflow
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200704-17.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(25105);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:44");

  script_cve_id("CVE-2007-2031");
  script_xref(name:"GLSA", value:"200704-17");

  script_name(english:"GLSA-200704-17 : 3proxy: Buffer overflow");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200704-17
(3proxy: Buffer overflow)

    The 3proxy development team reported a buffer overflow in the logurl()
    function when processing overly long requests.

Impact :

    A remote attacker could send a specially crafted transparent request to
    the proxy, resulting in the execution of arbitrary code with privileges
    of the user running 3proxy.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200704-17"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All 3proxy users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=net-proxy/3proxy-0.5.3h'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:3proxy");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/04/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/30");
  script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"net-proxy/3proxy", unaffected:make_list("ge 0.5.3h"), vulnerable:make_list("lt 0.5.3h"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "3proxy");
}
```

- NASL family: Firewalls
- NASL id: 3PROXY_LOGURL_OVERFLOW.NASL
- description: The remote host is running 3proxy, an application proxy supporting many protocols (Telnet, FTP, WWW, and more). A stack overflow vulnerability has been detected in 3proxy prior to 0.5.3h and 0.6b-devel before 20070413. By sending a long host header in HTTP GET request, a remote attacker could overflow a buffer and execute arbitrary code.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 31094
- published: 2008-02-14
- reporter: This script is Copyright (C) 2008-2018 Marcin Kozlowski
- source: https://www.tenable.com/plugins/nessus/31094
- title: 3Proxy HTTP Proxy Crafted Transparent Request Remote Overflow
References
- http://3proxy.ru/0.5.3h/Changelog.txt
- http://secunia.com/advisories/24961
- http://secunia.com/advisories/25001
- http://security.gentoo.org/glsa/glsa-200704-17.xml
- http://www.securityfocus.com/archive/1/466650/100/100/threaded
- http://www.securityfocus.com/bid/23545
- http://www.vupen.com/english/advisories/2007/1442
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33841