Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Proxytunnel | Proxytunnel | 1.0.6 (including) | 1.0.6 (including) |
| Proxytunnel | Proxytunnel | 1.1.3 (including) | 1.1.3 (including) |
| Proxytunnel | Proxytunnel | 1.2.2 (including) | 1.2.2 (including) |
| Proxytunnel | Proxytunnel | 1.2_.0 (including) | 1.2_.0 (including) |
References
- http://proxytunnel.sourceforge.net/news.html
- http://www.gentoo.org/security/en/glsa/glsa-200411-07.xml
- http://www.securityfocus.com/bid/11592
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17945
- http://proxytunnel.sourceforge.net/news.html
- http://www.gentoo.org/security/en/glsa/glsa-200411-07.xml
- http://www.securityfocus.com/bid/11592
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17945