DeleGate SSLway ssl_prcert Overflow

2004-05-06T00:00:00
ID OSVDB:5945
Type osvdb
Reporter Joel Eriksson(je@bitnux.com)
Modified 2004-05-06T00:00:00

Description

Vulnerability Description

A remote overflow exists in DeleGate. The proxy server fails to prevent a malicious user from using X509_NAME_oneline() function in sslway.c to overwrite the saved return address in the ssl_prcert stack frame resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary shellcode resulting in a loss of integrity.

Solution Description

Upgrade to version 8.9.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in DeleGate. The proxy server fails to prevent a malicious user from using X509_NAME_oneline() function in sslway.c to overwrite the saved return address in the ssl_prcert stack frame resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary shellcode resulting in a loss of integrity.

References:

Vendor URL: http://www.delegate.org/delegate/ Vendor Specific Solution URL: http://www.delegate.org/delegate/download/ Secunia Advisory ID:11569 Other Advisory URL: http://0xbadc0ded.org/advisories/0401.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0266.html ISS X-Force ID: 16078