ID CVE-2005-0861 Type cve Reporter cve@mitre.org Modified 2017-07-11T01:32:00
Description
Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to "overflows on arrays."
{"openvas": [{"lastseen": "2019-05-29T18:31:58", "bulletinFamily": "scanner", "description": "The remote host is running Delegate which is vulnerable to multiple\n remote buffer overflow vulnerabilities which may allow an attacker to execute arbitrary code on the remote host.", "modified": "2019-05-14T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231017599", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231017599", "title": "Delegate Multiple Overflows", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# Description: Delegate Multiple Overflows\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n# Changes by Tenable Network Security:\n# - POP3 check\n#\n# Copyright:\n# Copyright (C) 2005 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.17599\");\n script_version(\"2019-05-14T08:13:05+0000\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 08:13:05 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2005-0861\");\n script_bugtraq_id(12867);\n script_name(\"Delegate Multiple Overflows\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"This script is Copyright (C) 2005 David Maciejak\");\n script_family(\"Gain a shell remotely\");\n script_dependencies(\"http_version.nasl\", \"popserver_detect.nasl\");\n script_require_ports(\"Services/http_proxy\", 8080, \"Services/pop3\", 110, 995);\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 8.10.3 or later.\");\n\n script_tag(name:\"summary\", value:\"The remote host is running Delegate which is vulnerable to multiple\n remote buffer overflow vulnerabilities which may allow an attacker to execute arbitrary code on the remote host.\");\n\n script_tag(name:\"impact\", value:\"This problem may allow an attacker to gain a shell on this computer.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"pop3_func.inc\");\ninclude(\"version_func.inc\");\ninclude(\"misc_func.inc\");\n\nports = pop3_get_ports();\nforeach port(ports) {\n banner = get_pop3_banner(port:port);\n if( banner && egrep(pattern:\"^\\+OK Proxy-POP server \\(Delegate/([0-7]\\..*|8\\.([0-9]\\..*|10\\.[0-2][^0-9])) by\", string:banner)) {\n report = report_fixed_ver(installed_version:banner, fixed_version:\"8.10.3\");\n security_message(port:port, data:report);\n }\n}\n\nport = get_port_for_service(default:8080, proto:\"http_proxy\");\nbanner = get_http_banner(port:port);\nif(!banner || \"DeleGate\" >!< banner)\n exit(0);\n\n#Server: DeleGate/8.11.1\nserv = strstr(banner, \"Server\");\nif(ereg(pattern:\"^Server:.*DeleGate/([0-7]\\.|8\\.([0-9]\\.|10\\.[0-2][^0-9]))\", string:serv, icase:TRUE)) {\n report = report_fixed_ver(installed_version:serv, fixed_version:\"8.10.3\");\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-02-21T01:08:28", "bulletinFamily": "scanner", "description": "The remote host is running DeleGate, a multi-application proxy. \n\nAccording to its banner, the installed version of DeleGate contains multiple unspecified 'overflows on arrays', which could lead to arbitrary code execution subject to the privileges under which the application operates.", "modified": "2018-07-10T00:00:00", "id": "DELEGATE_OVERFLOW2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=17599", "published": "2005-03-22T00:00:00", "title": "DeleGate < 8.11 Multiple Unspecified Overflows", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17599);\n script_version(\"1.13\");\n\n script_cve_id(\"CVE-2005-0861\");\n script_bugtraq_id(12867);\n\n script_name(english:\"DeleGate < 8.11 Multiple Unspecified Overflows\");\n script_summary(english:\"Checks version in DeleGate's banner\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote proxy server is affected by multiple buffer overflow\nissues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running DeleGate, a multi-application proxy. \n\nAccording to its banner, the installed version of DeleGate contains\nmultiple unspecified 'overflows on arrays', which could lead to\narbitrary code execution subject to the privileges under which the\napplication operates.\");\n script_set_attribute(attribute:\"see_also\", value:\n\"http://www.delegate.org/mail-lists/delegate-en/2793\");\n script_set_attribute(attribute:\"see_also\", value:\n\"http://www.delegate.org/mail-lists/delegate-en/2840\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to DeleGate version 8.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\n\"2005/03/22\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/03/15\");\n script_cvs_date(\"Date: 2018/07/10 14:27:33\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Firewalls\"); \n script_dependencie(\"http_version.nasl\",\"find_service1.nasl\");\n script_require_ports(\"Services/http_proxy\", 8080, \"Services/pop3\", 110);\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"http_func.inc\");\ninclude(\"pop3_func.inc\");\n\n\nport = get_kb_item(\"Services/pop3\");\nif ( ! port ) port = 110;\nif ( get_port_state(port) )\n{\n banner = get_pop3_banner(port:port);\n if ( banner )\n {\n if ( egrep(pattern:\"^\\+OK Proxy-POP server \\(Delegate/([0-7]\\..*|8\\.([0-9]\\..*|10\\..)) by\", string:banner) )\n\tsecurity_hole(port);\n exit(0);\n }\n}\n\nport = get_kb_item(\"Services/http_proxy\");\nif(!port) port = 8080;\n\nif(get_port_state(port))\n{\n banner = get_http_banner(port:port);\n if ( banner )\n {\n #Server: DeleGate/8.11.1\n serv = strstr(banner, \"Server\");\n if(ereg(pattern:\"^Server:.*DeleGate/([0-7]\\.|8\\.([0-9]\\.|10\\.))\", string:serv, icase:TRUE))\n security_hole(port);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
