Info

Disclosure

May 06, 2004

Discovery

Unknown

Dates

Exploit

May 06, 2004

Solution

Unknown

Description

A remote overflow exists in DeleGate. The proxy server fails to prevent a malicious user from using X509_NAME_oneline() function in sslway.c to overwrite the saved return address in the ssl_prcert stack frame resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary shellcode resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 8.9.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Yutaka Sato

Delegate

8.9.2

References

Bugtraq ID: 10295
Secunia Advisory ID: 11569
ISS X-Force ID: 16078
CVE ID: 2004-2003 (see also: NVD)
Other Advisory URL: http://0xbadc0ded.org/advisories/0401.txt
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0266.html
http://marc.theaimsgroup.com/?l=bugtraq&m=108386181021070&w=2
Vendor URL: http://www.delegate.org/delegate/
Vendor Specific Solution URL: http://www.delegate.org/delegate/download/

Credit

Joel Eriksson - jebitnux.com -

Direct URL: http://osvdb.org/36218