COMMAND

    AnalogX

SYSTEMS AFFECTED

    AnalogX Proxy prior to 4.05

PROBLEM

    The following is based on a Foundstone Security Advisory.  AnalogX
    Proxy is a simple but effective proxy server that has the  ability
    to  proxy  requests  for  the  following  services:   HTTP, HTTPS,
    SOCKS4, SOCKS4a, SOCKS5, NNTP, POP3, SMTP, FTP.

    Using  commands  of  an  appropriate  length, many of the services
    exhibit unchecked buffers causing  the proxy server to  crash with
    an invalid page fault thus creating a denial of service.  Normally
    this would  only be  a concern  for users  on the  LAN side of the
    proxy,  but  by  default  Proxy  is  configured  to  bind  to  all
    interfaces on the host and  so this would be exploitable  remotely
    from over the Internet.

    Standard commands of an appropriate size issued to the FTP,  SMTP,
    POP3  and  SOCKS  services  cause  page faults bringing the entire
    program to a halt.

    Sending  an  FTP  "USER"  command  containing approximately 370 or
    more characters  to the  proxy server  FTP TCP  port 21 will crash
    it.

    Example #1:

        nc 192.168.1.2 21 < ftp.txt

    Where ftp.txt contains:

        USER [long string of ~370 chars]@isp.com

    Sending an  SMTP "HELO"  command containing  approximately 370  or
    more characters to  the proxy server  SMTP TCP port  25 will crash
    it.

    Example #2:

        nc 192.168.1.2 25 < smtp.txt

    Where smtp.txt contains:

        HELO [long string of ~370 chars]@isp.com

    Sending  a  POP3  "USER"  command  containing approximately 370 or
    more  characters  to  the  proxy  server  POP3  TCP  port 110 will
    crash it.

    Example #3:

        nc 192.168.1.2 110 < pop3.txt

    Where pop3.txt contains:

        USER [long string of ~370 chars]@isp.com

    Sending a SOCKS4  "CONNECT" request with  an overly large  user ID
    field of roughly 1800 characters or more to the proxy server SOCKS
    TCP port 1080 will crash it.

    Example #4:

        nc 192.168.1.2 1080 < socks.dat

    Where  socks.dat  contains  binary  data  with  a user ID field of
    approx. 1800 bytes.
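
    The class of fix for all four cases is a length check before the
    field is copied.  The C code below is an added illustration, not
    AnalogX's code and not part of the Foundstone advisory; the names
    copy_field, parse_line_arg and parse_socks4_userid and the 256-byte
    limit are assumptions, and verbs are matched case-sensitively with
    CRLF line endings.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 256 /* assumed cap; the advisory gives no buffer sizes */
/* Copy the field ending at `term` from src[0..srclen) into dst[0..dstcap).
 * Returns its length, or -1 if unterminated or too long. Never truncates. */
static int copy_field(char *dst, size_t dstcap,
                      const uint8_t *src, size_t srclen, uint8_t term)
{
    const uint8_t *end = memchr(src, term, srclen);
    if (end == NULL)
        return -1;                 /* no terminator inside the received data */
    size_t n = (size_t)(end - src);
    if (n >= dstcap)
        return -1;                 /* needs n bytes plus the trailing NUL */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

/* FTP/POP3 "USER <arg>\r\n" and SMTP "HELO <arg>\r\n". */
int parse_line_arg(const char *verb, const uint8_t *line, size_t len,
                   char *arg, size_t argcap)
{
    size_t vlen = strlen(verb);
    if (len <= vlen || memcmp(line, verb, vlen) != 0 || line[vlen] != ' ')
        return -1;
    return copy_field(arg, argcap, line + vlen + 1, len - vlen - 1, '\r');
}

/* SOCKS4 request: VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID(variable) NUL(1). */
int parse_socks4_userid(const uint8_t *req, size_t len, char *userid, size_t idcap)
{
    if (len < 9 || req[0] != 4 || req[1] != 1) /* version 4, CONNECT */
        return -1;
    return copy_field(userid, idcap, req + 8, len - 8, 0);
}

int main(void)
{
    uint8_t line[5 + 370 + 2];     /* constructed: USER + 370 x 'A' + CRLF */
    char arg[FIELD_MAX];
    memcpy(line, "USER ", 5);
    memset(line + 5, 'A', 370);
    memcpy(line + 375, "\r\n", 2);
    printf("%d\n", parse_line_arg("USER", line, sizeof line, arg, sizeof arg));
    return 0;
}
```

    Oversized or unterminated fields are rejected rather than truncated,
    so the caller can drop the connection instead of processing a
    partial command.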

SOLUTION

    Download Proxy 4.05 from

        http://www.analogx.com/contents/download/network/proxy.htm

    Preliminary tests  of  the  fix  by  Foundstone have confirmed the
    problem is corrected.