COMMAND
AnalogX
SYSTEMS AFFECTED
AnalogX Proxy Server release 4.10
PROBLEM
Following is based on a Network Security Solutions Security
Advisory. NSSI Team has discovered a Local/Remote Buffer
Overflow/DoS Vulnerabiltiy on AnalogX Proxy Server that could
allow a Malicious Attacker to disable the whole proxy server by
just attacking a single analogX proxy service. Vulnerable Proxy
Services are FTP, POP3, SMTP and Proxy Logger.
The Problem lies when FTP Service is ON and Logging is enabled or
disabled, or SMTP Service is ON and Logging is enabled or
disabled, POP3 Service is ON and logging is enabled. When the
Attacker Sends a Multiple Abnormal Strings to a certain affected
service it causes the whole Proxy to Shutdown. The proxy needs
to re-start again to perform normal operation.
OUTPUT Error Message when Logging is Disabled:
FTP Service error msg.:
ABORT: Memory corrupt before (10241)
(PROTO\ftp.c\523)
SMTP Service error msg.:
ABORT: Memory corrupt before (10241)
(PROTO\smtp.c\379)
OUTPUT Error message when Logging is Enabled:
FTP Service error msg.:
ABORT: Last String too large for Buffer (1509 > 1024)
(log.c/114)
POP3 Service error msg.:
ABORT: Last String too large for Buffer (1509 > 1024)
(log.c/114)
SMTP Service error msg.:
ABORT: Last String too large for Buffer (10301 > 1024)
(log.c/114)
NOT Affected Services:
HTTP Proxy: 6588
Socks Proxy: 1080
NNTP: 119
SOLUTION
- Disable FTP Proxy service
- Disable SMTP Proxy service
- Disable POP3 Proxy service if Logging is enabled
AnalogX has been notified of this Vulnerability but no patch has
been issued.