• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Simpleproxy Remote Syslog() Format String Vulnerability

It is reported that simpleproxy contains a format string vulnerability. This issue is due to a failure of the applications to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function.

Successful exploitation of this issue will allow an attacker to execute arbitrary code on the affected computer with the privileges of the affected package. This application may be run as the superuser in order to proxy privileged TCP ports.

Versions of simpleproxy prior to 3.4 are reported susceptible to this vulnerability.