DeleGate Pointer Array Overflow May Let Remote Users Execute Arbitrary Code
14th Mar 2003 [SBWID-6065]
COMMAND

	DeleGate Pointer Array Overflow May Let Remote Users  Execute  Arbitrary
	Code

SYSTEMS AFFECTED

	 Tested Versions:
	 ----------------
	 
	  DeleGate 8.3.4 (UNIX)
	  DeleGate 8.4.0 (Windows)

PROBLEM

	Thanks to Yutaka Sato and  National  Institute  of  Advanced  Industrial
	Science  and  Technology  (AIST),  Secure  Net   Service(SNS)   Security
	Advisory   [snsadv@lac.co.jp]   Computer   Security   Laboratory,    LAC
	[http://www.lac.co.jp/security/] :
	
	 http://www.lac.co.jp/security/english/snsadv_e/63_e.html
	
	DeleGate contains a pointer array overflow vulnerability: if a large
	number of User-Agent: lines appear in a robots.txt file, memory can be
	overwritten.
	
	 Problem Description:
	 -------------------
	
	When DeleGate runs as HTTP-PROXY and a client requests a robots.txt file
	from a server site through it, DeleGate by default adds some rules based
	on that file.
	
	Including several User-Agent: lines in the robots.txt file could
	overflow a pointer array, causing memory to be overwritten.
	
	By exploiting this, an attacker could potentially run code of her
	choice.
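	
	The sketch below is an added example, not DeleGate's code: it shows the bug class described above with a hypothetical parser that keeps one pointer per User-Agent: line in a fixed-size array and rejects the file once the array is full. The names collect_user_agents and MAX_AGENTS, the capacity of 4 and the sample input are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_AGENTS 4 /* constructed capacity for this demo, not DeleGate's */

/* Case-insensitive prefix test; stops at the end of s, so it never over-reads. */
static int has_prefix_ci(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* Store a pointer to the value of each "User-Agent:" line in agents[].
 * buf is split in place. Returns the number stored, or -1 if the file has
 * more such lines than cap, in which case the caller should ignore the file. */
int collect_user_agents(char *buf, char *agents[], size_t cap)
{
    size_t n = 0;
    char *line = buf;
    while (*line) {
        char *end = line + strcspn(line, "\r\n");
        char *next = end + strspn(end, "\r\n"); /* computed before the split */
        *end = '\0';
        line += strspn(line, " \t");
        if (has_prefix_ci(line, "user-agent:")) {
            if (n >= cap) /* without this check, agents[n] lands past the array */
                return -1;
            line += strlen("user-agent:");
            agents[n++] = line + strspn(line, " \t");
        }
        line = next;
    }
    return (int)n;
}

int main(void)
{
    /* Constructed input: five User-Agent lines against a capacity of four. */
    char sample[] = "User-Agent: a\nUser-Agent: b\nUser-Agent: c\n"
                    "User-Agent: d\nUser-Agent: e\nDisallow: /\n";
    char *agents[MAX_AGENTS];
    int n = collect_user_agents(sample, agents, MAX_AGENTS);
    printf("result: %d\n", n);
    return n == -1 ? 0 : 1;
}
```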

SOLUTION

	Upgrade to the fixed version, DeleGate 8.5.0.
