Thread-topic: iDefense Security Advisory 01.05.06: Blue Coat Systems WinProxy HostHeader Stack Overflow Vulnerability
>
> Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability
>
> iDefense Security Advisory 01.05.06
>
> hp?id=364
> January 05, 2006
>
> I. BACKGROUND
>
> BlueCoat WinProxy is an Internet sharing proxy server
> designed for small
> to medium businesses. In addition to Internet sharing Winproxy also
> hosts a series of security, anti-spam and anti-spyware capabilities.
>
> More information can be located from the vendors site at:
>
>
>
> II. DESCRIPTION
>
> Remote exploitation of a buffer overflow vulnerability in Blue Coat
> Systems Inc.'s WinProxy allows for the remote execution of arbitrary
> code by attackers.
>
> The vulnerability can be triggered by sending an overly long Host:
> string to the web proxy service.
>
> III. ANALYSIS
>
> Exploitation of this vulnerability is trivial. An overly long header
> directly overwrites the SEH handler for the frame allowing for control
> over EIP.
>
> IV. DETECTION
>
> iDefense has confirmed this vulnerability in WinProxy 6.0.
> All previous
> versions are suspected to be vulnerable.
>
> V. WORKAROUND
>
> Disabling the WinProxy web proxy protocol will prevent this attack.
>
> VI. VENDOR RESPONSE
>
> Blue Coat has released WinProxy 6.1a to address this vulnerability.
>
> VII. CVE INFORMATION
>
> The Common Vulnerabilities and Exposures (CVE) project has
> assigned the
> name CAN-2005-4085 to this issue. This is a candidate for inclusion in
> the CVE list (), which standardizes names for
> security problems.
>
> VIII. DISCLOSURE TIMELINE
>
> 12/07/2005 Initial vendor notification
> 12/08/2005 Initial vendor response
> 01/05/2006 Coordinated public disclosure
>
> IX. CREDIT
>
> This vulnerability was discovered by FistFuXXer.
>
> Get paid for vulnerability research
>
>
> Free tools, research and upcoming events
>
>
> X. LEGAL NOTICES
>
> Copyright (c) 2006 iDefense, Inc.
>
> Permission is granted for the redistribution of this alert
> electronically. It may not be edited in any way without the express
> written consent of iDefense. If you wish to reprint the whole or any
> part of this alert in any other medium other than
> electronically, please
> email customerservice@xxxxxxxxxxxx for permission.
>
> Disclaimer: The information in the advisory is believed to be accurate
> at the time of publishing based on currently available
> information. Use
> of the information constitutes acceptance for use in an AS IS
> condition.
> There are no warranties with regard to this information. Neither the
> author nor the publisher accepts any liability for any
> direct, indirect,
> or consequential loss or damage arising from use of, or reliance on,
> this information.
> _______________________________________________
> To unsubscribe, go here:
>
>
