COMMAND

    AnalogX

SYSTEMS AFFECTED

    AnalogX Proxy Server release 4.10

PROBLEM

    The following is based on a Network Security Solutions Security
    Advisory.  The NSSI Team has discovered a local/remote buffer
    overflow/DoS vulnerability in AnalogX Proxy Server that could
    allow a malicious attacker to disable the whole proxy server by
    attacking a single AnalogX proxy service.  The vulnerable proxy
    services are FTP, POP3, SMTP and the Proxy Logger.

    The problem occurs when the FTP service is on (with logging
    enabled or disabled), when the SMTP service is on (with logging
    enabled or disabled), or when the POP3 service is on and logging
    is enabled.  When an attacker sends multiple abnormal strings to
    an affected service, the whole proxy shuts down.  The proxy must
    be restarted to resume normal operation.

    Output error message when logging is disabled:

    FTP Service error msg.:
        ABORT: Memory corrupt before (10241)
        (PROTO\ftp.c\523)

    SMTP Service error msg.:
        ABORT: Memory corrupt before (10241)
        (PROTO\smtp.c\379)

    Output error message when logging is enabled:

    FTP Service error msg.:
        ABORT: Last String too large for Buffer (1509 > 1024)
        (log.c/114)

    POP3 Service error msg.:
        ABORT: Last String too large for Buffer (1509 > 1024)
        (log.c/114)

    SMTP Service error msg.:
        ABORT: Last String too large for Buffer (10301 > 1024)
        (log.c/114)

    Services NOT affected:
        HTTP Proxy: 6588
        Socks Proxy: 1080
        NNTP: 119

SOLUTION

    - Disable FTP Proxy service
    - Disable SMTP Proxy service
    - Disable POP3 Proxy service if Logging is enabled

    AnalogX has been notified of this vulnerability, but no patch has
    been issued.
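
    Added example (not AnalogX's code and not part of the advisory):
    the logging-enabled aborts above report a line larger than a
    1024-byte buffer.  Assuming the logger stops the process on that
    condition, the C routine below truncates and marks an over-long
    line instead, so one oversized client string cannot stop the
    proxy.  The names log_format and LOG_BUF_SIZE are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 1024  /* assumed: the limit shown in the abort message */

/* Copy one client-supplied line into a fixed-size log buffer.
 * Over-long input is truncated and marked instead of aborting the process;
 * control bytes are replaced so a client cannot forge extra log lines.
 * Returns 1 if the input was truncated, 0 otherwise. */
int log_format(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    static const char marker[] = "...[truncated]";
    const size_t mlen = sizeof marker - 1;
    size_t room, n, i;

    if (dst == NULL || dst_size == 0)
        return 0;
    if (src == NULL)
        src_len = 0;

    room = dst_size - 1;                  /* keep one byte for the NUL */
    n = src_len < room ? src_len : room;  /* never copy past the buffer */
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)src[i];
        dst[i] = (c < 0x20 || c == 0x7f) ? '?' : (char)c;
    }
    dst[n] = '\0';

    if (src_len <= room)
        return 0;
    /* Overwrite the tail with a marker so the truncation is visible. */
    if (room >= mlen)
        memcpy(dst + room - mlen, marker, mlen);
    return 1;
}

int main(void)
{
    char line[LOG_BUF_SIZE];
    char big[1509];  /* constructed input, sized like the advisory's 1509 */
    memset(big, 'A', sizeof big);
    int cut = log_format(line, sizeof line, big, sizeof big);
    printf("truncated=%d logged_len=%zu\n", cut, strlen(line));
    return 0;
}
```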