search menu icon-carat-right cmu-wordmark

CERT Coordination Center

simpleproxy format string vulnerability

Vulnerability Note VU#139421

Original Release Date: 2005-09-02 | Last Revised: 2005-10-10

Overview

A format string vulnerability in the simpleproxy TCP proxy may allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

simpleproxy, a basic open source TCP proxy, contains a format string vulnerability in an unspecified HTTP proxy request handling routine. If a remote attacker sends simpleproxy a specially crafted HTTP request, they may be able to execute arbitrary code on a vulnerable system.

Impact

A remote attacker may be able to execute arbitrary code with the privileges of the simpleproxy process.

Solution

Upgrade

Upgrading to simpleproxy version 3.4 corrects this problem.

Vendor Information

139421
 

View all 38 vendors View less vendors


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by Ulf Harnhammar.

This document was written by Jeff Gennari.

Other Information

CVE IDs: CVE-2005-1857
Severity Metric: 5.84
Date Public: 2005-08-26
Date First Published: 2005-09-02
Date Last Updated: 2005-10-10 17:31 UTC
Document Revision: 19

Sponsored by CISA.