Vulnerabilities > CVE-2007-5622 - Resource Management Errors vulnerability in 3Proxy
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Double free vulnerability in the ftpprchild function in ftppr in 3proxy 0.5 through 0.5.3i allows remote attackers to cause a denial of service (daemon crash) via multiple OPEN commands to the FTP proxy.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200711-13.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200711-13 (3proxy: Denial of Service) 3proxy contains a double free vulnerability in the ftpprchild() function, which frees param->hostname and calls the parsehostname() function, which in turn attempts to free param->hostname again. Impact : A remote attacker could send a specially crafted request to the proxy, possibly resulting in a Denial of Service. Under typical configuration, the scope of this vulnerability is limited to the local network. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27848 |
published | 2007-11-09 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27848 |
title | GLSA-200711-13 : 3proxy: Denial of Service |
code |
|
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 26180 CVE(CAN) ID: CVE-2007-5622 3Proxy是一款小型的代理软件。 3Proxy在处理连接时存在漏洞,远程攻击者可能利用此漏洞控制服务器。 3Proxy的ftpprchild()函数中存在双重释放漏洞: ... if (!strncasecmp((char *)buf, "OPEN ", 5)){ if(param->hostname) myfree(param->hostname); <--first free if(parsehostname((char *)buf+5, param, 21)){RETURN(803);} the parsehostname will free param->hostname again. int parsehostname(char *hostname, struct clientparam *param, unsigned short port){ char *sp; if(!hostname || !*hostname)return 1; if ( (sp = strchr(hostname, ':')) ) *sp = 0; if(param->hostname) myfree(param->hostname); <-- double free 远程攻击者可以通过向FTP代码模块多次发送OPEN命令触发这个漏洞,导致服务不稳定或崩溃。 3Proxy 3proxy 0.5 - 0.5.3i 3Proxy ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://3proxy.ru/download/" target="_blank">http://3proxy.ru/download/</a> |
id | SSV:2337 |
last seen | 2017-11-19 |
modified | 2007-10-26 |
published | 2007-10-26 |
reporter | Root |
title | 3Proxy FTP代理模块OPEN命令双重释放漏洞 |
References
- http://3proxy.ru/0.5.3j/Changelog.txt
- http://bugs.gentoo.org/show_bug.cgi?id=196772
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066985.html
- http://osvdb.org/41870
- http://secunia.com/advisories/27353
- http://secunia.com/advisories/27607
- http://security.gentoo.org/glsa/glsa-200711-13.xml
- http://www.securityfocus.com/archive/1/482697/100/0/threaded
- http://www.securityfocus.com/bid/26180
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37401