Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Socks Server, malicious request sending

July 2009 by Vigil@nce

An attacker can send a malicious query to Socks Server, so that it
will send another malicious query.

Severity: 2/4

Consequences: data reading, data creation/edition

Provenance: intranet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 08/07/2009

IMPACTED PRODUCTS

 Unix - plateform

DESCRIPTION OF THE VULNERABILITY

The Socks Server proxies TCP sessions or UDP data. The second byte
of a Socksv5 packet indicates the wanted proxy type:

 CONNECT (1) : TCP client
 BIND (2) : TCP server
 UDP_ASSOCIATE (3) : UDP data

The RequestParsing() function of the SS5Mod_socks4.c or
SS5Mod_socks5.c module does not check if the proxy type indicated
in the query is superior to 3. This error has no impact in the
main code of Socks Server. However, the V52V4Request() function,
which creates the query for a chained proxy in version 4, uses
this invalid value. The second proxy thus receives this invalid
value, which may have an impact on its security.

An attacker can therefore send a malicious query to Socks Server,
so that it will send another malicious query.

CHARACTERISTICS

Identifiers: BID-35587, CVE-2009-2368, VIGILANCE-VUL-8846

http://vigilance.fr/vulnerability/Socks-Server-malicious-request-sending-8846


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts