CVE-2004-2003 (CNNVD-200405-047)
中文标题:
DeleGate SSLway Filter远程堆栈缓冲区溢出漏洞
英文标题:
Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and ea...
漏洞描述
中文描述:
DeleGate是一款多功能应用级网关,运行在多个平台上。 DeleGate SSLway过滤器在处理用户提供的部分证书字段内容时缺少充分边界检查,远程攻击者可以利用这个漏洞对网关程序进行缓冲区溢出攻击,可能以进程权限在系统上执行任意指令。 当DeleGate SSLway过滤器使用时处理客户或服务端连接时存在漏洞,使用标题或发送者名字字段内容超过256字节的证书,可触发缓冲区溢出: static ssl_prcert(ssl,show,outssl,outfd,what) SSL *ssl; char *what; { X509 *peer; char subjb[256],*sb,issrb[256],*is; char *dp,ident[256]; ident[0] = 0; if( peer = SSL_get_peer_certificate(ssl) ){ sb = X509_NAME_oneline(X509_get_subject_name(peer),subjb,1024); is = X509_NAME_oneline(X509_get_issuer_name(peer),issrb,1024); X509_NAME_oneline()的第二个参数是要写入的缓冲区,第三个参数是缓冲区大小,上面缓冲区大小定义为1024字节,而缓冲区实际只有256字节,因此过多的数据可覆盖ssl_prcert()的返回地址。
英文描述:
Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| delegate | delegate | 7.7.0 | - | - |
cpe:2.3:a:delegate:delegate:7.7.0:*:*:*:*:*:*:*
|
| delegate | delegate | 7.7.1 | - | - |
cpe:2.3:a:delegate:delegate:7.7.1:*:*:*:*:*:*:*
|
| delegate | delegate | 7.8.0 | - | - |
cpe:2.3:a:delegate:delegate:7.8.0:*:*:*:*:*:*:*
|
| delegate | delegate | 7.8.1 | - | - |
cpe:2.3:a:delegate:delegate:7.8.1:*:*:*:*:*:*:*
|
| delegate | delegate | 7.8.2 | - | - |
cpe:2.3:a:delegate:delegate:7.8.2:*:*:*:*:*:*:*
|
| delegate | delegate | 7.9.11 | - | - |
cpe:2.3:a:delegate:delegate:7.9.11:*:*:*:*:*:*:*
|
| delegate | delegate | 8.3.3 | - | - |
cpe:2.3:a:delegate:delegate:8.3.3:*:*:*:*:*:*:*
|
| delegate | delegate | 8.3.4 | - | - |
cpe:2.3:a:delegate:delegate:8.3.4:*:*:*:*:*:*:*
|
| delegate | delegate | 8.4.0 | - | - |
cpe:2.3:a:delegate:delegate:8.4.0:*:*:*:*:*:*:*
|
| delegate | delegate | 8.5.0 | - | - |
cpe:2.3:a:delegate:delegate:8.5.0:*:*:*:*:*:*:*
|
| delegate | delegate | 8.9 | - | - |
cpe:2.3:a:delegate:delegate:8.9:*:*:*:*:*:*:*
|
| delegate | delegate | 8.9.1 | - | - |
cpe:2.3:a:delegate:delegate:8.9.1:*:*:*:*:*:*:*
|
| delegate | delegate | 8.9.2 | - | - |
cpe:2.3:a:delegate:delegate:8.9.2:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
cve.org
exploitdb
exploitdb
cve.org
CVSS评分详情
AV:N/AC:L/Au:N/C:P/I:P/A:P
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2004-2003 |
2025-11-11 15:17:31 | 2025-11-11 07:32:23 |
| NVD | nvd_CVE-2004-2003 |
2025-11-11 14:50:54 | 2025-11-11 07:41:09 |
| CNNVD | cnnvd_CNNVD-200405-047 |
2025-11-11 15:08:44 | 2025-11-11 07:48:53 |
| EXPLOITDB | exploitdb_EDB-24095 |
2025-11-11 15:05:24 | 2025-11-11 08:19:57 |
版本与语言
安全公告
变更历史
查看详细变更
- references_count: 5 -> 8
- tags_count: 0 -> 4
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-200405-047
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 7.5
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:P/I:P/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 13
- data_sources: ['cve'] -> ['cve', 'nvd']