| VID |
12009 |
| Severity |
40 |
| Port |
1080 |
| Protocol |
TCP |
| Class |
SOCKS |
| Detailed Description |
The SOCKS server is vulnerable to a buffer overflow attack by a request with a too long username.
SOCKS is a general-purpose TCP/IP proxy that isolates and handles most Web traffic. It is available for Unix, Linux, and Microsoft operating environments. SOCKS5 versions 1.0 r11 and earlier and SOCKS4 versions 4.3.beta2 and earlier are vulnerable to a buffer overflow caused by improper bounds checking of usernames. By sending an username of 132 bytes or greater, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the SOCKS server to crash.
* Platforms Affected:
Linux Any version
SOCKS 5-v1.0 r11 and prior
SOCKS4 4.3.beta2 and prior
Unix Any version
Windows Any version |
| Recommendation |
Patches were not issued and are not available as of July 2002. As a workaround, disable the SOCKS service until the patches are provided. If the upgraded versions of SOCKS are available, you can find the download sites though information at http://www.socks.nec.com/socksfaq.html |
| Related URL |
CVE-2002-2368 (CVE) |
| Related URL |
5145,5147 (SecurityFocus) |
| Related URL |
9485 (ISS) |
|
