JVNDB-2004-000511

DeleGate Multiple Buffer Overflow Vulnerabilities

Overview

DeleGate suffers from buffer overflows when scanf(), strncpy() and other string-handling routines fail on a long string sent by proxy.

CVSS Severity

CVSS V2 Severity:
Base Metrics 7.5 (High) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


DeleGate.org
  • DeleGate 8.10.2 and earlier

Impact

An attacker could execute arbitrary code with the privileges of the user running DeleGate.
Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information

DeleGate.org
CWE

CVE

  1. CVE-2005-0861
References

  1. National Vulnerability Database (NVD) : CVE-2005-0861
  2. Secunia Advisory : SA14649
  3. SecurityFocus : 12867
  4. ISS X-Force Database : 19775
Revision History

  • [2008/05/21]
      Web page published