{"id": "CVE-2005-0861", "bulletinFamily": "NVD", "title": "CVE-2005-0861", "description": "Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to \"overflows on arrays.\"", "published": "2005-05-02T00:00:00", "modified": "2017-07-10T21:32:26", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0861", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/19775", "http://www.delegate.org/mail-lists/delegate-en/2840"], "cvelist": ["CVE-2005-0861"], "type": "cve", "lastseen": "2017-07-11T11:14:50", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:delegate:delegate:8.11.0"], "cvelist": ["CVE-2005-0861"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to \"overflows on arrays.\"", "edition": 1, "enchantments": {}, "hash": "79fb30bb38f846aa81d3a396fbc8f0c60c11e036ddcbe2dc5e0dd1e6f470ced8", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "aadf9fc6ad370b156e69cbbb155193ff", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "44f3f972f1219e5a5130d74f050ce136", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "3602b273967cf60423def362d13e2245", "key": "references"}, {"hash": "0802e5ecf21f2a4afa416c86f88d4a4c", "key": "title"}, {"hash": "5aed9beb81e018dfeabe1097cf1e1651", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0d799ce11a17027db25b5cb98b3addf6", "key": "cpe"}, {"hash": "6479c4a4b54a8c191f1290d5c03d5e31", "key": "description"}, {"hash": "c86eec034d22d4e339a8ef82cd594710", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0861", "id": "CVE-2005-0861", "lastseen": "2016-09-03T05:14:45", "modified": "2008-09-05T16:47:31", "objectVersion": "1.2", "published": "2005-05-02T00:00:00", "references": ["http://xforce.iss.net/xforce/xfdb/19775", "http://www.delegate.org/mail-lists/delegate-en/2840"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-0861", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T05:14:45"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "0d799ce11a17027db25b5cb98b3addf6"}, {"key": "cvelist", "hash": "aadf9fc6ad370b156e69cbbb155193ff"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "6479c4a4b54a8c191f1290d5c03d5e31"}, {"key": "href", "hash": "5aed9beb81e018dfeabe1097cf1e1651"}, {"key": "modified", "hash": "e3b08e9f8d617c60c75a3629a0df21b0"}, {"key": "published", "hash": "44f3f972f1219e5a5130d74f050ce136"}, {"key": "references", "hash": "8a5e76cbc2ba11acabaef51cf954e194"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "0802e5ecf21f2a4afa416c86f88d4a4c"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "0ef60bf2c53cb8b38b425f4c44eb0f73c61e6015da6bb1351684975f3c94c866", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-07-11T11:14:50"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:delegate:delegate:8.11.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"nessus": [{"lastseen": "2018-09-01T23:39:49", "references": ["http://www.delegate.org/mail-lists/delegate-en/2793", "http://www.delegate.org/mail-lists/delegate-en/2840"], "pluginID": "17599", "description": "The remote host is running DeleGate, a multi-application proxy. \n\nAccording to its banner, the installed version of DeleGate contains multiple unspecified 'overflows on arrays', which could lead to arbitrary code execution subject to the privileges under which the application operates.", "edition": 4, "reporter": "Tenable", "published": "2005-03-22T00:00:00", "title": "DeleGate < 8.11 Multiple Unspecified Overflows", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Firewalls", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0861"], "modified": "2018-07-10T00:00:00", "cpe": [], "id": "DELEGATE_OVERFLOW2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=17599", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17599);\n script_version(\"1.13\");\n\n script_cve_id(\"CVE-2005-0861\");\n script_bugtraq_id(12867);\n\n script_name(english:\"DeleGate < 8.11 Multiple Unspecified Overflows\");\n script_summary(english:\"Checks version in DeleGate's banner\"); \n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote proxy server is affected by multiple buffer overflow\nissues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running DeleGate, a multi-application proxy. \n\nAccording to its banner, the installed version of DeleGate contains\nmultiple unspecified 'overflows on arrays', which could lead to\narbitrary code execution subject to the privileges under which the\napplication operates.\");\n script_set_attribute(attribute:\"see_also\", value:\n\"http://www.delegate.org/mail-lists/delegate-en/2793\");\n script_set_attribute(attribute:\"see_also\", value:\n\"http://www.delegate.org/mail-lists/delegate-en/2840\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to DeleGate version 8.11 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\n\"2005/03/22\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/03/15\");\n script_cvs_date(\"Date: 2018/07/10 14:27:33\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Firewalls\"); \n script_dependencie(\"http_version.nasl\",\"find_service1.nasl\");\n script_require_ports(\"Services/http_proxy\", 8080, \"Services/pop3\", 110);\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"http_func.inc\");\ninclude(\"pop3_func.inc\");\n\n\nport = get_kb_item(\"Services/pop3\");\nif ( ! port ) port = 110;\nif ( get_port_state(port) )\n{\n banner = get_pop3_banner(port:port);\n if ( banner )\n {\n if ( egrep(pattern:\"^\\+OK Proxy-POP server \\(Delegate/([0-7]\\..*|8\\.([0-9]\\..*|10\\..)) by\", string:banner) )\n\tsecurity_hole(port);\n exit(0);\n }\n}\n\nport = get_kb_item(\"Services/http_proxy\");\nif(!port) port = 8080;\n\nif(get_port_state(port))\n{\n banner = get_http_banner(port:port);\n if ( banner )\n {\n #Server: DeleGate/8.11.1\n serv = strstr(banner, \"Server\");\n if(ereg(pattern:\"^Server:.*DeleGate/([0-7]\\.|8\\.([0-9]\\.|10\\.))\", string:serv, icase:TRUE))\n security_hole(port);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:35:54", "references": [], "pluginID": "136141256231017599", "description": "The remote host is running Delegate, a multi-application proxy.\n\nThe remote version of this software is vulnerable to multiple\nremote buffer overflow vulnerabilities which may allow an attacker\nto execute arbitrary code on the remote host.\n\nThis problem may allow an attacker to gain a shell on this computer.", "edition": 3, "reporter": "This script is Copyright (C) 2005 David Maciejak", "published": "2005-11-03T00:00:00", "title": "Delegate Multiple Overflows", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gain a shell remotely", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0861"], "modified": "2016-12-08T00:00:00", "id": "OPENVAS:136141256231017599", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231017599", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: delegate_overflow2.nasl 4715 2016-12-08 12:26:47Z mime $\n# Description: Delegate Multiple Overflows\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n# Changes by Tenable Network Security:\n# - POP3 check\n#\n# Copyright:\n# Copyright (C) 2005 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.17599\");\n script_version(\"$Revision: 4715 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-08 13:26:47 +0100 (Thu, 08 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_cve_id(\"CVE-2005-0861\");\n script_bugtraq_id(12867);\n\n script_name(\"Delegate Multiple Overflows\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_copyright(\"This script is Copyright (C) 2005 David Maciejak\");\n script_family(\"Gain a shell remotely\");\n script_dependencies(\"http_version.nasl\",\"find_service.nasl\");\n script_require_ports(\"Services/http_proxy\", 8080, \"Services/pop3\", 110);\n script_tag(name : \"solution\" , value : \"Upgrade to version 8.10.3 of this product\");\n script_tag(name : \"summary\" , value :\"The remote host is running Delegate, a multi-application proxy.\n\nThe remote version of this software is vulnerable to multiple\nremote buffer overflow vulnerabilities which may allow an attacker\nto execute arbitrary code on the remote host.\n\nThis problem may allow an attacker to gain a shell on this computer.\" );\n exit(0);\n}\n\n#\n# The script code starts here\n#\ninclude(\"http_func.inc\");\ninclude(\"pop3_func.inc\");\n\n\nport = get_kb_item(\"Services/pop3\");\nif ( ! port ) port = 110;\nif ( get_port_state(port) )\n{\n banner = get_pop3_banner(port:port);\n if ( banner )\n {\n if ( egrep(pattern:\"^\\+OK Proxy-POP server \\(Delegate/([0-7]\\..*|8\\.([0-9]\\..*|10\\.[0-2][^0-9])) by\", string:banner) )\n\tsecurity_message(port);\n exit(0);\n }\n}\n\nport = get_kb_item(\"Services/http_proxy\");\nif(!port) port = 8080;\n\nif(get_port_state(port))\n{\n banner = get_http_banner(port:port);\n if ( banner )\n {\n #Server: DeleGate/8.11.1\n serv = strstr(banner, \"Server\");\n if(ereg(pattern:\"^Server:.*DeleGate/([0-7]\\.|8\\.([0-9]\\.|10\\.[0-2][^0-9]))\", string:serv, icase:TRUE))\n security_message(port);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}