Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Simpleproxy | Simpleproxy | 2.2b (including) | 2.2b (including) |
| Simpleproxy | Simpleproxy | 3.0 (including) | 3.0 (including) |
| Simpleproxy | Simpleproxy | 3.1 (including) | 3.1 (including) |
| Simpleproxy | Simpleproxy | 3.2 (including) | 3.2 (including) |
| Simpleproxy | Ubuntu | dapper | * |
| Simpleproxy | Ubuntu | devel | * |
| Simpleproxy | Ubuntu | edgy | * |
| Simpleproxy | Ubuntu | feisty | * |
References
- http://secunia.com/advisories/16567/
- http://sourceforge.net/project/shownotes.php?group_id=604\u0026release_id=351847
- http://www.debian.org/security/2005/dsa-786
- http://www.kb.cert.org/vuls/id/139421
- http://www.securityfocus.com/bid/14666
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22016
- http://secunia.com/advisories/16567/
- http://sourceforge.net/project/shownotes.php?group_id=604\u0026release_id=351847
- http://www.debian.org/security/2005/dsa-786
- http://www.kb.cert.org/vuls/id/139421
- http://www.securityfocus.com/bid/14666
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22016