A denial-of-service (DoS) vulnerability has been discovered in Srelay (the SOCKS proxy and Relay) v.0.4.8p3. This vulnerability, tracked as CVE-2024-25398, allows cyber criminals to disrupt the proxy service by sending a specially crafted network payload. As a result, the affected service becomes unresponsive, which inconveniences users and degrades overall service functionality.

Vulnerability Details

An attacker exploiting this vulnerability can craft a specific network payload that, when processed by Srelay's core proxy handling system, causes a denial-of-service condition. The attack can cause the affected service to hang indefinitely, making it unavailable to the users who rely on it.

The vulnerability exists in Srelay's proxy handler code, specifically within the process_request() function, which is responsible for processing incoming network requests from clients and forwarding them to the target servers via the SOCKS proxy.

Here is a code snippet showcasing the exploitable function in Srelay v.0.4.8p3:

int process_request(request_t *req) {
  // ...

  /* Parse the incoming client request */
  int rc = parse_request(req, &masked_target_addr);

  // ...

  /* Set up the connection to the target server */
  int s_target = socket(masked_target_addr.ss_family, SOCK_STREAM, 0);

  // ...

  /* Forward requests and send responses between client and target server */
  forward_requests(s_client, s_target);

  // ...
}

As seen in the code snippet, the process_request() function parses the incoming request, sets up a connection to the target server, and then forwards the subsequent requests between client and server. The vulnerability is in the way that Srelay processes incoming payloads, allowing an attacker to craft a payload that causes the service to hang indefinitely, denying further service to users.

To exploit this vulnerability, a cyber criminal could use a network traffic generator or exploit toolkit to create and send the malicious payload to the Srelay proxy service. As there are no specific patches or fixes available right now, it is essential that users apply mitigations, such as limiting traffic and using monitoring software, to protect their systems from this vulnerability.
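
Because the failure mode described here is a hang, a check that only confirms the srelay process is running will not notice the outage. The following liveness probe is an added example, not code from the Srelay project or from this advisory: it sends the SOCKS5 method-negotiation greeting defined in RFC 1928 with a timeout and reports a listener that accepts TCP but never answers as hung. The listen address 127.0.0.1:1080, the timeouts and the three-failure alert threshold are assumptions.

```python
import socket
import sys
import time

GREETING = b"\x05\x01\x00"  # RFC 1928: VER=5, NMETHODS=1, METHOD=0 (no auth)

def probe_socks5(host, port, timeout=3.0):
    """Return 'ok', 'hung', 'down' or 'unexpected' for a SOCKS5 listener."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "hung"            # no SYN-ACK in time, e.g. accept backlog is full
    except OSError:
        return "down"            # refused or unreachable: nothing is listening
    with sock:
        try:
            sock.sendall(GREETING)
            reply = b""
            while len(reply) < 2:            # method-selection reply is 2 bytes
                chunk = sock.recv(2 - len(reply))
                if not chunk:
                    break                    # peer closed before answering
                reply += chunk
        except socket.timeout:
            return "hung"        # TCP accepted but the proxy never answered
        except OSError:
            return "down"        # connection reset mid-handshake
    # Any VER=5 reply, even METHOD=0xFF (rejected), proves clients are being serviced.
    return "ok" if len(reply) == 2 and reply[0] == 5 else "unexpected"

def watch(host, port, interval=30.0, threshold=3, rounds=None):
    """Probe repeatedly; return True once `threshold` consecutive probes fail."""
    failures, done = 0, 0
    while rounds is None or done < rounds:
        status = probe_socks5(host, port)
        failures = 0 if status == "ok" else failures + 1
        stamp = time.strftime("%Y-%m-%dT%H:%M:%S")
        print(f"{stamp} {host}:{port} {status} failures={failures}")
        if failures >= threshold:
            return True          # hand off to alerting or a service restart here
        done += 1
        time.sleep(interval)
    return False

if __name__ == "__main__":
    # 127.0.0.1:1080 is an assumed listen address; pass your own host and port.
    args = sys.argv[1:]
    host, port = (args[0], int(args[1])) if len(args) == 2 else ("127.0.0.1", 1080)
    sys.exit(1 if watch(host, port) else 0)
```

Run it from a host on the same network segment as the proxy's clients so the probe exercises the same path they use; the non-zero exit code can drive a supervisor or alerting hook.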

Conclusion and Recommendations

It is essential for users running Srelay v.0.4.8p3 to be aware of this denial-of-service vulnerability. By understanding the nature of the exploit and the affected code, users can take steps to prevent and mitigate the associated risks. While Srelay's developers work on addressing the vulnerability, users can implement measures such as limiting incoming traffic, adding proper network segmentation and monitoring for unusual network activity. By staying informed of updates to CVE-2024-25398 and promptly applying mitigations, users can better protect their SOCKS proxy deployments and keep the service stable and safe.

Timeline

Published on: 02/27/2024 16:15:46 UTC
Last modified on: 02/28/2024 14:07:00 UTC