Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Socks Server, malicious request sending

July 2009 by Vigil@nce

An attacker can send a malicious query to Socks Server, so that it will send another malicious query.

Severity: 2/4

Consequences: data reading, data creation/edition

Provenance: intranet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 08/07/2009

IMPACTED PRODUCTS

- Unix - plateform

DESCRIPTION OF THE VULNERABILITY

The Socks Server proxies TCP sessions or UDP data. The second byte of a Socksv5 packet indicates the wanted proxy type:

- CONNECT (1) : TCP client
- BIND (2) : TCP server
- UDP_ASSOCIATE (3) : UDP data

The RequestParsing() function of the SS5Mod_socks4.c or SS5Mod_socks5.c module does not check if the proxy type indicated in the query is superior to 3. This error has no impact in the main code of Socks Server. However, the V52V4Request() function, which creates the query for a chained proxy in version 4, uses this invalid value. The second proxy thus receives this invalid value, which may have an impact on its security.

An attacker can therefore send a malicious query to Socks Server, so that it will send another malicious query.

CHARACTERISTICS

Identifiers: BID-35587, CVE-2009-2368, VIGILANCE-VUL-8846

http://vigilance.fr/vulnerability/Socks-Server-malicious-request-sending-8846




See previous articles

    

See next articles