----------------------------------------------------------------------
SNS Advisory No.63
DeleGate Pointer Array Overflow May Let Remote Users Execute Arbitrary Code
Problem first discovered on: Sun, 02 Mar 2003
Published on: Mon, 10 Mar 2003
----------------------------------------------------------------------
Overview:
--------
DeleGate contains a vulnerability that could cause memory to be
overwritten, resulting in pointer array overflow if a large number
of User-Agent: lines are described in the robot.txt file.
Problem Description:
-------------------
When a client attempts to get a robot.txt file from a server site
through DeleGate, DeleGate adds some rules based on this file by
default, whenever it is run as HTTP-PROXY.
Describing several lines of User-Agent: in the robots.txt file could
cause memory to be overwritten, thus resulting in pointer array
overflow.
An attacker could potentially run codes of her choice through
exploitation.
Solution:
---------
Upgrade to the fixed version Delegate 8.5.0.
Discovered by:
--------------
Keigo Yamazaki
Acknowledgements:
----------------
Thanks to:
Yutaka Sato
National Institute of Advanced Industrial Science and Technology (AIST)
Disclaimer:
-----------
The information contained in this advisory may be revised without prior
notice and is provided as it is. Users shall take their own risk when
taking any actions following reading this advisory. LAC Co., Ltd. shall
take no responsibility for any problems, loss or damage caused by, or by
the use of information provided here.
This advisory can be found at the following URL:
http://www.lac.co.jp/security/english/snsadv_e/63_e.html
SNS Advisory No.63
DeleGate Pointer Array Overflow May Let Remote Users Execute Arbitrary Code
Problem first discovered on: Sun, 02 Mar 2003
Published on: Mon, 10 Mar 2003
----------------------------------------------------------------------
Overview:
--------
DeleGate contains a vulnerability that could cause memory to be
overwritten, resulting in pointer array overflow if a large number
of User-Agent: lines are described in the robot.txt file.
Problem Description:
-------------------
When a client attempts to get a robot.txt file from a server site
through DeleGate, DeleGate adds some rules based on this file by
default, whenever it is run as HTTP-PROXY.
Describing several lines of User-Agent: in the robots.txt file could
cause memory to be overwritten, thus resulting in pointer array
overflow.
An attacker could potentially run codes of her choice through
exploitation.
Tested Versions:
----------------
DeleGate 8.3.4 (UNIX)
DeleGate 8.4.0 (Windows)
Solution:
---------
Upgrade to the fixed version Delegate 8.5.0.
Discovered by:
--------------
Keigo Yamazaki
Acknowledgements:
----------------
Thanks to:
Yutaka Sato
National Institute of Advanced Industrial Science and Technology (AIST)
Disclaimer:
-----------
The information contained in this advisory may be revised without prior
notice and is provided as it is. Users shall take their own risk when
taking any actions following reading this advisory. LAC Co., Ltd. shall
take no responsibility for any problems, loss or damage caused by, or by
the use of information provided here.
This advisory can be found at the following URL:
http://www.lac.co.jp/security/english/snsadv_e/63_e.html
------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv (at) lac.co (dot) jp [email concealed]>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/
[ reply ]