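##############################################################################
#
#  CCProxy Server HTTP CONNECT Request BOF Vulnerability
#
#  Copyright: SecPod
#
#  Date Written: 2008/10/06
#
#  Revision: 1.2
#
#  Log : ssharath
#  Issue #0300
#  ------------------------------------------------------------------------
#  This program was written by SecPod and is licensed under the GNU GPL
#  license. Please refer to the below link for details,
#  http://www.gnu.org/licenses/gpl.html
#  This header contains information regarding licensing terms under the GPL,
#  and information regarding obtaining source code from the Author.
#  Consequently, pursuant to section 3(c) of the GPL, you must accompany the
#  information found in this header with any distribution you make of this
#  Program.
#  ------------------------------------------------------------------------
##############################################################################

# Detection approach: this is a passive, version-based check. It reads the
# installed CCProxy version from the Windows registry over SMB and compares
# it with the fixed release (6.62). No CONNECT request is sent to the proxy,
# so the result depends on authenticated registry access, not on the port.

if(description)
{
  script_id(900145);
  script_bugtraq_id(31416);
  script_copyright(english:"Copyright (C) 2008 SecPod");
  # NOTE(review): the file header says Revision 1.2 while this string says
  # 1.1 -- confirm which one is current before changing either.
  script_version("Revision: 1.1 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Denial of Service");
  script_name(english:"CCProxy Server HTTP CONNECT Request BOF Vulnerability");
  script_summary(english:"Check for vulnerable version of CCProxy Server");
  # The "Affected Software/OS" line previously read "6.6.2"; it now says 6.62
  # so that it agrees with the "Fix" line and with the version check below.
  desc["english"] = "

  Overview : The host is running CCProxy Server, which is prone to stack
  based Buffer Overflow vulnerability.

  Vulnerability Insight:
  The flaw exists due to boundary error in the processing of CONNECT
  request having an overly long host name sent to the HTTP proxy which is
  listening on 808/TCP port.

  Impact: Execution arbitrary code to compromise a vulnerable system, and
  deny the service.

  Impact Level: Application

  Affected Software/OS :
  Youngzsoft CCProxy Server versions prior to 6.62 on Windows (all)

  Fix : Update to version 6.62
  http://www.youngzsoft.net/download.htm

  References:
  http://secunia.com/advisories/31997/
  http://jbrownsec.blogspot.com/2008/09/ccproxy-near-stealth-patching.html

  CVSS Score :
    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
    CVSS Temporal Score : 6.9
  Risk factor : High";

  script_description(english:desc["english"]);
  # The registry lookup needs the SMB/WindowsVersion KB entry; presumably
  # secpod_reg_enum.nasl is what populates it -- confirm against that script.
  script_dependencies("secpod_reg_enum.nasl");
  script_require_keys("SMB/WindowsVersion");
  exit(0);
}


include("smb_nt.inc");

# Port named in the advisory text above. It is hard-coded here: an install
# that listens on a different port is skipped by the port-state check, and a
# finding is always reported against 808.
ccproxyPort = 808;
if(!get_port_state(ccproxyPort)){
  exit(0);
}

# Without this KB entry there is no Windows registry access to rely on.
if(!get_kb_item("SMB/WindowsVersion")){
  exit(0);
}

# Uninstall entry of the CCProxy installer; DisplayName carries the version.
ccproxyVer = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
                                 "\Uninstall\CCProxy_is1",
                             item:"DisplayName");

# On 64-bit Windows a 32-bit installer registers under the Wow6432Node view,
# so looking only at the native key would miss the install (false negative).
if(!ccproxyVer)
{
  ccproxyVer = registry_get_sz(key:"SOFTWARE\Wow6432Node\Microsoft\Windows" +
                                   "\CurrentVersion\Uninstall\CCProxy_is1",
                               item:"DisplayName");
}

if(!ccproxyVer){
  exit(0);
}

# Grep for versions < 6.62
#   [0-5]\..*            any 0.x - 5.x release
#   6\.[0-5]?[0-9]       6.0 - 6.59 (also matches single-digit minors 6.6 - 6.9)
#   6\.6[01]             6.60 and 6.61
# The pattern is anchored at both ends, so DisplayName must be exactly
# "CCProxy <version>"; a value with trailing text is not flagged.
# NOTE(review): confirm against the vendor's numbering that a single-digit
# minor such as "6.7" really denotes a release older than 6.62.
if(egrep(pattern:"^CCProxy ([0-5]\..*|6\.([0-5]?[0-9]|6[01]))$",
         string:ccproxyVer)){
  security_hole(ccproxyPort);
}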