Reported May 26, 2003, by K.K. Mookhey.

VERSIONS AFFECTED

· AnalogX 4.13 and earlier

DESCRIPTION

A buffer-overflow vulnerability in AnalogX Proxy 4.13 and earlier can result in the execution of arbitrary code on the vulnerable system. If a malicious user connects to the vulnerable host on TCP port 6588 and supplies a URL longer than 340 characters, a buffer overrun is triggered. By supplying a specially crafted URL, an attacker can execute arbitrary code on the vulnerable system.
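
Added example, not AnalogX's code and not part of the original advisory: a bounded way for a proxy to pull the URL out of a request line, checking its length before any copy so an over-long URL is rejected. `URL_MAX`, `extract_url` and `check_length` are hypothetical names, and the limit of 340 is borrowed from the advisory's threshold as an assumption; the advisory does not state the real buffer size.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: limit taken from the advisory's 340-character threshold. */
#define URL_MAX 340

enum url_status { URL_OK = 0, URL_MALFORMED = -1, URL_TOO_LONG = -2 };

/* Copy the URL token of "METHOD URL VERSION" into out[out_size]. The length
 * is checked before any byte is copied, so an over-long URL is rejected
 * instead of overrunning the destination. */
enum url_status extract_url(const char *line, char *out, size_t out_size)
{
    if (line == NULL || out == NULL || out_size == 0)
        return URL_MALFORMED;
    out[0] = '\0';
    const char *sp = strchr(line, ' ');      /* end of the method token */
    if (sp == NULL)
        return URL_MALFORMED;
    const char *url = sp + 1;
    size_t len = strcspn(url, " \r\n");      /* URL ends at space or EOL */
    if (len == 0)
        return URL_MALFORMED;
    if (len > URL_MAX || len >= out_size)
        return URL_TOO_LONG;
    memcpy(out, url, len);
    out[len] = '\0';
    return URL_OK;
}

/* Constructed input: a request line whose URL is n filler characters. */
enum url_status check_length(size_t n)
{
    char line[1024], out[URL_MAX + 1];
    if (n > sizeof line - 16)
        return URL_MALFORMED;
    memcpy(line, "GET ", 4);
    memset(line + 4, 'a', n);
    strcpy(line + 4 + n, " HTTP/1.0\r\n");
    return extract_url(line, out, sizeof out);
}

int main(void)
{
    printf("340 -> %d, 341 -> %d\n", (int)check_length(340), (int)check_length(341));
    return 0;
}
```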

VENDOR RESPONSE

AnalogX has released version 4.14, which isn't vulnerable to this condition.

CREDIT

Discovered by K. K. Mookhey.