CVE-2004-2003 - OpenCVE

Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Delegate	Delegate

Configuration 1 [-]

OR	cpe:2.3:a:delegate:delegate:7.7.0:::::::*
	cpe:2.3:a:delegate:delegate:7.7.1:::::::*
	cpe:2.3:a:delegate:delegate:7.8.0:::::::*
	cpe:2.3:a:delegate:delegate:7.8.1:::::::*
	cpe:2.3:a:delegate:delegate:7.8.2:::::::*
	cpe:2.3:a:delegate:delegate:7.9.11:::::::*
	cpe:2.3:a:delegate:delegate:8.3.3:::::::*
	cpe:2.3:a:delegate:delegate:8.3.4:::::::*
	cpe:2.3:a:delegate:delegate:8.4.0:::::::*
	cpe:2.3:a:delegate:delegate:8.5.0:::::::*
	cpe:2.3:a:delegate:delegate:8.9:::::::*
	cpe:2.3:a:delegate:delegate:8.9.1:::::::*
	cpe:2.3:a:delegate:delegate:8.9.2:::::::*

References

Link	Resource
http://marc.info/?l=bugtraq&m=108386181021070&w=2
http://secunia.com/advisories/11569	Exploit Patch Vendor Advisory
http://www.osvdb.org/5945
http://www.securityfocus.com/bid/10295	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16078

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-05-10T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-05-04T00:00:00

Link: CVE-2004-2003

JSON object: View

NVD Information

Status : Modified

Published: 2004-05-06T04:00:00.000

Modified: 2017-07-11T01:31:32.497

Link: CVE-2004-2003

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-05-06T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "11569", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/11569"}, {"name": "20040506 [0xbadc0ded #03] DeleGate (SSL-filter) <= 8.9.2", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108386181021070&w=2"}, {"name": "5945", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/5945"}, {"name": "10295", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10295"}, {"name": "delegate-sslway-bo(16078)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16078"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2003", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "11569", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11569"}, {"name": "20040506 [0xbadc0ded #03] DeleGate (SSL-filter) <= 8.9.2", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108386181021070&w=2"}, {"name": "5945", "refsource": "OSVDB", "url": "http://www.osvdb.org/5945"}, {"name": "10295", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10295"}, {"name": "delegate-sslway-bo(16078)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16078"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2003", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:delegate:delegate:7.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F9180C95-FF6F-4A0C-9DE0-DFF6D8387698", "vulnerable": true}, {"criteria": "cpe:2.3:a:delegate:delegate:7.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "68FA1404-9FA2-4379-96BC-6D7970C0EAA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:delegate:delegate:7.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "EABEE7AB-7C45-473E-9873-0423F2249F96", "vulnerable": true}, {"criteria": "cpe:2.3:a:delegate:delegate:7.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1F66F57-6AEB-4E3C-B148-BC7D11E1EBEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:delegate:delegate:7.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "611AD3E5-708F-46BB-B21D-09598E1C4771", "vulnerable": true}, {"criteria": "cpe:2.3:a:delegate:delegate:7.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "AD59AEEB-D524-4337-8962-B29863CBC889", "vulnerable": true}, {"criteria": "cpe:2.3:a:delegate:delegate:8.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F15245AF-B9B6-4D46-A901-A781FC0BAF24", "vulnerable": true}, {"criteria": "cpe:2.3:a:delegate:delegate:8.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "C7A3E1EB-89A5-4326-8977-9B462065C39B", "vulnerable": true}, {"criteria": "cpe:2.3:a:delegate:delegate:8.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BD607D2-2B07-474B-A855-2C3319B42CED", "vulnerable": true}, {"criteria": "cpe:2.3:a:delegate:delegate:8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE4B4665-84C4-4129-9916-ABAC61B81FF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:delegate:delegate:8.9:*:*:*:*:*:*:*", "matchCriteriaId": "4131A4A5-5D67-4522-9A6E-E708815B5B86", "vulnerable": true}, {"criteria": "cpe:2.3:a:delegate:delegate:8.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8C30DD0-C957-44BA-B44C-7B424E664B52", "vulnerable": true}, {"criteria": "cpe:2.3:a:delegate:delegate:8.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC2E24A5-A864-4F42-A053-2FDA9D09A4B5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field."}], "id": "CVE-2004-2003", "lastModified": "2017-07-11T01:31:32.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-05-06T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108386181021070&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/11569"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/5945"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10295"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16078"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}