• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NEC Socks5 User Name Buffer Overflow Vulnerability

Socks5 is the freely available, open source proxy implementation developed by NEC. It is available for Unix, Linux, and Microsoft operating environments.

Socks5 handles user names in an unsafe manner. A boundary condition error in the software package may make it possible for users to send user names of 132 bytes or greater, and cause memory corruption. This could result in denial of service, and potentially code execution.