Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: iDefense Security Advisory 01.05.06: Blue Coat Systems WinProxy HostHeader Stack Overflow Vulnerability



> 
> Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability
> 
> iDefense Security Advisory 01.05.06
> http://www.idefense.com/intelligence/vulnerabilities/display.p
> hp?id=364
> January 05, 2006
> 
> I. BACKGROUND
> 
> BlueCoat WinProxy is an Internet sharing proxy server 
> designed for small
> to medium businesses. In addition to Internet sharing Winproxy also
> hosts a series of security, anti-spam and anti-spyware capabilities.
> 
> More information can be located from the vendors site at:
> 
>   http://www.winproxy.com/
> 
> II. DESCRIPTION
> 
> Remote exploitation of a buffer overflow vulnerability in Blue Coat
> Systems Inc.'s WinProxy allows for the remote execution of arbitrary
> code by attackers.
>  
> The vulnerability can be triggered by sending an overly long Host:
> string to the web proxy service.
> 
> III. ANALYSIS
> 
> Exploitation of this vulnerability is trivial. An overly long header
> directly overwrites the SEH handler for the frame allowing for control
> over EIP.
> 
> IV. DETECTION
> 
> iDefense has confirmed this vulnerability in WinProxy 6.0. 
> All previous
> versions are suspected to be vulnerable.
> 
> V. WORKAROUND
> 
> Disabling the WinProxy web proxy protocol will prevent this attack.
> 
> VI. VENDOR RESPONSE
> 
> Blue Coat has released WinProxy 6.1a to address this vulnerability.
> 
> VII. CVE INFORMATION
> 
> The Common Vulnerabilities and Exposures (CVE) project has 
> assigned the
> name CAN-2005-4085 to this issue. This is a candidate for inclusion in
> the CVE list (http://cve.mitre.org), which standardizes names for
> security problems.
> 
> VIII. DISCLOSURE TIMELINE
> 
> 12/07/2005  Initial vendor notification
> 12/08/2005  Initial vendor response
> 01/05/2006  Coordinated public disclosure
> 
> IX. CREDIT
> 
> This vulnerability was discovered by FistFuXXer.
> 
> Get paid for vulnerability research
> http://www.idefense.com/poi/teams/vcp.jsp
> 
> Free tools, research and upcoming events
> http://labs.idefense.com
> 
> X. LEGAL NOTICES
> 
> Copyright (c) 2006 iDefense, Inc.
> 
> Permission is granted for the redistribution of this alert
> electronically. It may not be edited in any way without the express
> written consent of iDefense. If you wish to reprint the whole or any
> part of this alert in any other medium other than 
> electronically, please
> email customerservice@xxxxxxxxxxxx for permission.
> 
> Disclaimer: The information in the advisory is believed to be accurate
> at the time of publishing based on currently available 
> information. Use
> of the information constitutes acceptance for use in an AS IS 
> condition.
> There are no warranties with regard to this information. Neither the
> author nor the publisher accepts any liability for any 
> direct, indirect,
> or consequential loss or damage arising from use of, or reliance on,
> this information.
> _______________________________________________
> To unsubscribe, go here:
> http://www.idefense.com/mailman/listinfo/idlabs-advisories
> 




 




Copyright © Lexa Software, 1996-2009.