DeleGate Multiple Function Remote Overflows

This script is Copyright (C) 1999-2011 Tenable Network Security, Inc.


Synopsis :

The remote application proxy has a buffer overflow vulnerability.

Description :

The version of the DeleGate proxy server has a remote buffer overflow
vulnerability. This issue can be triggered by issuing the following
command :

whois://a b 1 AAAA..AAAAA

A remote attacker could exploit this issue to cause a denial of
or execute arbitrary code.

There are reportedly hundreds of other remote buffer overflow
vulnerabilities in this version of DeleGate, though Nessus has not
checked for those issues

See also :

http://archives.neohapsis.com/archives/bugtraq/1999-q3/1625.html
http://archives.neohapsis.com/archives/bugtraq/2000-02/0099.html

Solution :

Upgrade to the latest version of DeleGate.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 10054 (delegate_overflow.nasl)

Bugtraq ID: 808

CVE ID: CVE-2000-0165