>From "zer0-logic" :





           Network Security Solutions Inc. Security Advisory

                     ( Philippine based Security Company )

                          http://www.nssolution.net

                             http://connect.to/nssi



         ]** AnalogX Proxy Server DoS/Buffer Overflow Vulnerabilty **[



                       Author: Abraham Lincoln H.

                      Handle: zer0logic



         Email : Abraham@Nssolution.net, zer0logic@Privacyx.Com

                     lincoln@privacyX.com, KnowledgeBase@Lycos.com



Date Discovered: November 15, 2000

            Vendor:   AnalogX.Com

Version Affected: AnalogX Proxy Server release 4.10

                           for Win 95 / 98 / NT / Win2k

   Local : Yes

Remote: Yes

     Risk: High



Problem Description:



      NSSI Team has discovered a Local/Remote Buffer Overflow/DoS

Vulnerabiltiy on AnalogX Proxy Server that could allow a Malicious

Attacker to disable the whole proxy server by just attacking a single

analogX proxy service.



Vulnerable Proxy Services; FTP, POP3, SMTP and Proxy Logger



        The Problem lies when FTP Service is ON and Logging is enabled or

disabled, or SMTP Service is ON and Logging is enabled or disabled, POP3

Service is ON and logging is enabled. When the Attacker Sends a Multiple

Abnormal Strings to a certain affected service it causes the whole Proxy to Shutd0wn.

the proxy needs to re-start again to perform normal operation.



OUTPUT Error Message when Logging is Disabled:



    FTP Service error msg.:

                ABORT: Memory corrupt before (10241)

                            (PROTO\ftp.c\523)



  SMTP Service error msg.:

                ABORT: Memory corrupt before (10241)

                            (PROTO\smtp.c\379)



OUTPUT Error message when Logging is Enabled:



    FTP Service error msg.:

                    ABORT: Last String too large for Buffer (1509 > 1024)

                                (log.c/114)



   POP3 Service error msg.:

                           ABORT: Last String too large for Buffer (1509 > 1024)

                                       (log.c/114)



 SMTP Service error msg.:

                   ABORT: Last String too large for Buffer (10301 > 1024)

                        (log.c/114)



NOT Affected Services:

                              HTTP Proxy: 6588

                             Socks Proxy: 1080

                                       NNTP: 119



Work Around:

            Disable FTP Proxy service

            Disable SMTP Proxy service

            Disable POP3 Proxy service if Logging is enabled



Vendor Status: AnalogX has been notified of this Vulnerability but no patch has been issued.



Related Links:  http://www.nssolution.net

                         http://connect.to/nssi



Feedback and Inquiries:

            If you have any questions, inquiries, feedback, concerns and

updates pls don't hesitate to email us.



For Inquiries,Concerns and updates - Info@nssolution.net



for Comments and Questions - Abraham@nssolution.net, lincoln@privacyx.com

                                             zer0logic@privacyx.com



Disclaimer:

        This paper is intended for informational purpose only. We are not

responsible for the the  Use and/or potential effects of these advisories.

Read this at your own risk or not at all.



Copyright(c) 2000-2001 Network Security Solutions Inc.

Permission is herby granted for the redistribution of this alert

electronically. if you wish to reprint or modify this document Contact us

1st or email us at: info@nssolution.net