Информационная безопасность
[RU] switch to English

Дополнительная информация

  Двойное освобождение памяти в 3proxy (double free)

  3proxy double free vulnerability

From:3APA3A <3APA3A_(at)_security.nnov.ru>
Date:23 октября 2007 г.
Subject:3proxy 0.5.3j released (bugfix)

3proxy  (  http://3proxy.ru/  ) is multi-platform (Windows, Linux, Unix)
multi-protocol  proxy  server  with abilities to mange traffic flows and
bandwidths,    convert   requests   between   different   proxy   types,
authenticate,  authorize,  control,  limit  and account users access and

3proxy   0.5.3j   version   was   released,  to  address  double  free()
vulnerability  in  FTP proxy module (ftppr) reported by Venustech AD-LAB
(CVE-2007-5622).  Vulnerable  3proxy  versions are 0.5 - 0.5.3i. Current
branch (0.6) is not affected.

3proxy 0.5.3j can be downloaded from http://3proxy.ru/download/

Because  of  programming  error resulting in double free() vulnerability
during  the  handling of "OPEN" FTP proxy request, it may be possible to
crash  3proxy service by repeating this request. Reliable code execution
doesn't seem possible.

FTP  proxy  is special non-standard (no RFC specification) type of proxy
server  with  extended  RFC  959  command  set, compatible with only few
graphical  FTP  clients.  It's  not  compatible  with  browsers, because
browsers  use  different, FTP over HTTP proxy. FTP proxy is not commonly

Vulnerability  requires 'ftppr' service to be manually enabled in 3proxy
configuration  file  or  special  'ftppr'  application executed. No over
services  (SOCKS,  HTTP including FTP over HTTP proxy, POP3, TCP and UDP
portmapping, etc) are affected.

Vulnerability  is  of pre-authentication type, but, because FTP proxy in
3proxy  0.5x  branch doesn't support reverse proxing, it should never be
accessible  from  Internet.  Web  scenario with exploitation through the
legitimate  client  is also impossible. Under typical configuration, the
scope of this vulnerability is limited to local network.

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород