tinyproxy vulnerability
Created 2/7/01
CVE 2001-0129
Impact
A remote attacker could create a denial-of-service or
execute arbitrary code on the server.
Background
Tinyproxy
is a simple HTTP proxy server designed for small networks.
Its function is to relay HTTP requests and responses
between a web client and a web server.
The Problem
A buffer overflow condition in the part of the code
which handles invalid requests could be exploited to
create a denial of service or to execute arbitrary code.
Resolution
Install the
latest version
of tinyproxy.
Where can I read more about this?
See Packet
Knights advisory #002. FreeBSD users should refer to
FreeBSD
Security Advisory 01:15.