1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content




CCProxy HTTP Proxy "CONNECT" Buffer Overflow Vulnerability

Report ID: SA31997
Source: Secunia
Date of Discovery: 26.09.2008
Criticality: Urgent
Affects:
CCProxy 6.x

Compromise From: From remote
Compromise Type: DoS
System access

Summary

A vulnerability has been discovered in CCProxy, which potentially can be exploited by malicious people to compromise a vulnerable system.

Detailed Description

A vulnerability has been discovered in CCProxy, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the processing of "CONNECT" requests sent to the HTTP proxy (listening on TCP port 808 by default). This can be exploited to cause a stack-based buffer overflow via a "CONNECT" request having an overly long hostname.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 6.61. Prior versions may also be affected.

Solution

Update to version 6.62.

Original Reference

-