tinyproxy vulnerability

Created 2/7/01
CVE-2001-0129

Impact

A remote attacker could cause a denial of service or execute arbitrary code on the server.

Background

Tinyproxy is a simple HTTP proxy server designed for small networks. Its function is to relay HTTP requests and responses between a web client and a web server.

The Problem

A buffer overflow in the code that handles invalid requests could be exploited to cause a denial of service or to execute arbitrary code.

Resolution

Install the latest version of tinyproxy.

Where can I read more about this?

See Packet Knights advisory #002. FreeBSD users should refer to FreeBSD Security Advisory 01:15.