Bug 196811 - net-proxy/3proxy <= 0.5.3i double free vulnerability
Status: RESOLVED DUPLICATE of bug 196772
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
Whiteboard: B1 [upstream] keytoaster
Reported: 2007-10-23 17:28 UTC by Tobias Heinlein (RETIRED)
Modified: 2007-10-23 17:33 UTC
Description Tobias Heinlein (RETIRED) gentoo-dev 2007-10-23 17:28:18 UTC
I. Synopsis

A vulnerability has been discovered in 3proxy allowing for the remote
execution of arbitrary code.

There is a double free vulnerability in function ftpprchild().
...
if (!strncasecmp((char *)buf, "OPEN ", 5)){
	if(param->hostname) myfree(param->hostname); /* <-- first free */
	if(parsehostname((char *)buf+5, param, 21)){RETURN(803);}

The parsehostname will free param->hostname again.
int parsehostname(char *hostname, struct clientparam *param, unsigned short port){
	char *sp;

	if(!hostname || !*hostname)return 1;
	if ( (sp = strchr(hostname, ':')) ) *sp = 0;
	if(param->hostname) myfree(param->hostname); /* <-- double free */


Impact
A remote attacker could send a specially crafted transparent request to
the proxy, resulting in the execution of arbitrary code with privileges
of the user running 3proxy.

Credit:
Venustech AD-LAB discovered this vuln. Thanks to all Venustech AD-Lab
guys.
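
The caller/callee pattern described in the report, as an added C example that is not 3proxy's code and not part of the original report: a tracking wrapper counts the second release instead of passing it to free(), so the defect can be observed without corrupting the heap. All function names except the referenced parsehostname() are hypothetical, and clearing the pointer after the release is one possible mitigation shown for comparison, not the upstream fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical names throughout; the hostnames are constructed samples. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];  /* allocations the program currently owns */
static int double_frees;      /* frees of a pointer that is no longer live */
struct clientparam { char *hostname; };
static char *tracked_strdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (!p) return NULL;
    strcpy(p, s);
    for (int i = 0; i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; break; }
    return p;
}
static void tracked_free(void *p) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_frees++;           /* count it instead of handing it to free() */
}

/* Stand-in for parsehostname(): releases the old name, stores the new one. */
static int parse_host(const char *host, struct clientparam *param) {
    if (!host || !*host) return 1;
    if (param->hostname) tracked_free(param->hostname);
    param->hostname = tracked_strdup(host);
    return param->hostname == NULL;
}

/* Pattern from the report: caller frees, then the callee frees again. */
static int open_as_reported(struct clientparam *param, const char *host) {
    if (param->hostname) tracked_free(param->hostname);
    return parse_host(host, param);
}
/* Hardened caller: clear the pointer once it has been released. */
static int open_hardened(struct clientparam *param, const char *host) {
    if (param->hostname) { tracked_free(param->hostname); param->hostname = NULL; }
    return parse_host(host, param);
}
/* Double frees seen for one OPEN on a connection that already has a name. */
static int run_case(int hardened) {
    struct clientparam p = { tracked_strdup("old.example") };
    double_frees = 0;
    (hardened ? open_hardened : open_as_reported)(&p, "new.example");
    tracked_free(p.hostname);
    return double_frees;
}
int main(void) { printf("reported=%d hardened=%d\n", run_case(0), run_case(1)); return 0; }
```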
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2007-10-23 17:33:05 UTC
Something's weird here, I'm absolutely sure there was no existing report about this issue when I searched for it 3 seconds ago..

*** This bug has been marked as a duplicate of bug 196772 ***