Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

https://firewall.firm.in/wp-content/uploads/2024/05/hack.jpg

May 06, 2024NewsroomVulnerability / Server Security

More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that’s vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool.

The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free bug impacting versions 1.10.0 and 1.11.1, which is the latest version.

“A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution,” Talos said in an advisory last week. “An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability.”

Cybersecurity

In other words, an unauthenticated threat actor could send a specially crafted HTTP Connection header to trigger memory corruption that can result in remote code execution.

According to data shared by attack surface management company Censys, of the 90,310 hosts exposing a Tinyproxy service to the public internet as of May 3, 2024, 52,000 (~57%) of them are running a vulnerable version of Tinyproxy.

A majority of the publicly-accessible hosts are located in the U.S. (32,846), South Korea (18,358), China (7,808), France (5,208), and Germany (3,680).

Talos, which reported the issue to December 22, 2023, has also released a proof-of-concept (PoC) for the flaw, describing how the issue with parsing HTTP Connection connections could be weaponized to trigger a crash and, in some cases, code execution.

The maintainers of Tinyproxy, in a set of commits made over the weekend, called out Talos for sending the report to a likely “outdated email address,” adding they were made aware by a Debian Tinyproxy package maintainer on May 5, 2024.

Cybersecurity

“No GitHub issue was filed, and nobody mentioned a vulnerability on the mentioned IRC chat,” rofl0r said in a commit. “If the issue had been reported on Github or IRC, the bug would have been fixed within a day.”

Users are advised to update to the latest version as and when they become available. It’s also recommended that the Tinyproxy service is not exposed to the public internet.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket