[debian-users:18899] Bug#JP/1100: delegate is horrible insecure in general, and impossible to be secure short time
Package: delegate
Version: 5.8.4-1
Severity: critical
As suspected, delegate does appear to be insecure...
PS.
I have removed the demonstration exploit, just in case.
----------------------------------------------------------------
Date: Sat, 13 Nov 1999 17:46:52 -0800
From: Elias Levy <aleph1@xxxxxxxxxxxxxxxxx>
To: ysato@xxxxxxxxx
Cc: delegate@xxxxxxxxx, ukai@debian.or.jp
Subject: FYI
Message-ID: <19991113174652.J11130@xxxxxxxxxxxxxxxxx>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="UTZ8bGhNySVQ9LYl"
X-Mailer: Mutt 1.0pre3i
X-Filter: Fumi::Agent 1.29 for ukai
--UTZ8bGhNySVQ9LYl
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
--
Elias Levy
Security Focus
http://www.securityfocus.com/
--UTZ8bGhNySVQ9LYl
Content-Type: message/rfc822;
Return-Path: <>
Delivered-To: aleph1@xxxxxxxxxxxxxxxxx
Received: (qmail 12932 invoked from network); 13 Nov 1999 18:52:43 -0000
Received: from lists.securityfocus.com (207.126.127.68)
by securityfocus.com with SMTP; 13 Nov 1999 18:52:43 -0000
Received: from lists.securityfocus.com (lists.securityfocus.com [207.126.127.68])
by lists.securityfocus.com (Postfix) with ESMTP id CAEF91EFC8
for <aleph1@xxxxxxxxxxxxxxxxx>; Sat, 13 Nov 1999 10:52:42 -0800 (PST)
Date: Sat, 13 Nov 1999 10:52:42 -0800
From: "L-Soft list server at LISTS.SECURITYFOCUS.COM (1.8d)" <LISTSERV@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: BUGTRAQ: approval required (B53DF4FD)
To: Elias Levy <aleph1@xxxxxxxxxxxxxxxxx>
Message-Id: <19991113185242.CAEF91EFC8@xxxxxxxxxxxxxxxxxxxxxxx>
MIME-Version: 1.0
This message was originally submitted by scut@xxxxxxxxxxxxxxx to the BUGTRAQ
list at LISTS.SECURITYFOCUS.COM. You can approve it using the "OK" mechanism,
ignore it, or repost an edited copy. The message will expire automatically and
you do not need to do anything if you just want to discard it. Please refer to
the list owner's guide if you are not familiar with the "OK" mechanism; these
instructions are being kept purposefully short for your convenience in
processing large numbers of messages.
----------------- Original message (ID=B53DF4FD) (262 lines) ------------------
Return-Path: <owner-bugtraq@xxxxxxxxxxxxxxxxx>
Delivered-To: bugtraq@xxxxxxxxxxxxxxxxxxxxxxx
Received: from securityfocus.com (securityfocus.com [207.126.127.66])
by lists.securityfocus.com (Postfix) with SMTP id 3B19F20A8F
for <bugtraq@xxxxxxxxxxxxxxxxxxxxxxx>; Sat, 13 Nov 1999 10:52:39 -0800 (PST)
Received: (qmail 12821 invoked by alias); 13 Nov 1999 18:52:39 -0000
Delivered-To: bugtraq@xxxxxxxxxxxxxxxxx
Received: (qmail 12795 invoked from network); 13 Nov 1999 18:52:38 -0000
Received: from gnu.in-berlin.de (HELO mail.vr.IN-Berlin.DE) (192.109.42.4)
by securityfocus.com with SMTP; 13 Nov 1999 18:52:38 -0000
Received: from nb.in-berlin.de (root@xxxxxxxxxxxxxxx [194.94.235.146])
by mail.vr.IN-Berlin.DE (8.9.3/8.9.3) with SMTP id TAA08386;
Sat, 13 Nov 1999 19:52:30 +0100 (CET)
(envelope-from scut@xxxxxxxxxxxxxxx)
Received: from localhost by nb.in-berlin.de
via sendmail with esmtp
id <m11miJr-000MULC@xxxxxxxxxxxxxxx>
for <teso@xxxxxxxxxxxxx>; Sat, 13 Nov 1999 19:54:39 +0100 (CET)
(Smail-3.2 1996-Jul-4 #1 built 1998-Dec-12)
Date: Sat, 13 Nov 1999 19:54:39 +0100 (CET)
From: Sebastian <scut@xxxxxxxxxxxxxxx>
To: bugtraq@xxxxxxxxxxxxxxxxx
Cc: teso@xxxxxxxxxxxxx
Subject: Delegate 5.9.x - 6.0.x remote exploit (possibly others)
Message-ID: <Pine.LNX.4.05.9911131950140.12742-200000@xxxxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-1463811696-1618997114-942519279=:12742"
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@xxxxxxxxxxxxxxxxxxxxxxxxxxxx for more info.
---1463811696-1618997114-942519279=:12742
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hi.
Delegate, a multiple-service proxy server, contains several hundred buffer
overflows and is horribly insecure in general.
Attached is a demonstration exploit for just one remotely
exploitable buffer overflow for delegate, compiled on linux (this bug is
exploitable on several other platforms, too).
I didn't bother to notify the author of delegate, since it is
impossible to make delegate secure in a short time (it contains over 1000
strcpy's and over 500 sprintf's). Just don't use delegate anymore.
ciao,
scut / teso security
[http://teso.scene.at/]
--
- scut@xxxxxxxxxxxxxxx - http://nb.in-berlin.de/scut/ - sacbuctd@ircnet --
-- you don't need a lot of people to be great, you need a few great to be --
-- the best -----------------------------------------------------------------
--- nuclear arrival weapon spy agent remain undercover, hi echelon ----------
---1463811696-1618997114-942519279=:12742
Content-Type: TEXT/plain; name="delefate.c"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.05.9911131954390.12742@xxxxxxxxxxxxxxx>
Content-Description: delefate.c
Content-Disposition: attachment; filename="delefate.c"
(omitted)
---1463811696-1618997114-942519279=:12742--
--UTZ8bGhNySVQ9LYl--