AnalogX Proxy SOCKS4a DNS Hostname Handling Remote Overflow
critical Nessus Plugin ID 11126
New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.
VPR Score: 6.6
Synopsis
The remote SOCKS service is prone to a buffer overflow attack.Description
The SOCKS4a service running on the remote host crashes when it receives a request with a long hostname. An attacker may be able to leverage this issue to disable the remote service or even execute arbitrary code on the affected host.Solution
Contact the vendor for a fix.Plugin Details
Severity: Critical
ID: 11126
File Name: socks4a_hostname_overflow.nasl
Version: 1.23
Type: remote
Family: Firewalls
Published: 9/21/2002
Updated: 7/30/2018
Dependencies: find_service1.nasl
Risk Information
Risk Factor: Critical
VPR Score: 6.6
CVSS v2.0
Base Score: 10
Temporal Score: 7.8
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector: E:POC/RL:OF/RC:C
Vulnerability Information
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 7/1/2002
Reference Information
CVE: CVE-2002-1001