=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


    Date: Сб, 13 ноя 1999  21:54:39

   От: Sebastian <scut@NB.IN-BERLIN.DE>

 Кому: BUGTRAQ@SECURITYFOCUS.COM

 Тема: Delegate 5.9.x - 6.0.x remote exploit (possibly others)

--------------------------------------------------------------------------------






Hi.



Delegate, a multiple-service proxy server contains several hundret buffer

overflows and is horrible insecure in general.



Attached there is a demonstration exploit for just one remotely

exploitable buffer overflow for delegate, compiled on linux (this bug is

exploitable on several other platforms, too).



I didn't bothered to notify the author of delegate, since it is

impossible to make delegate secure short time (it contains over 1000

strcpy's and over 500 sprintf's). Just don't use delegate anymore.





ciao,

scut / teso security

[http://teso.scene.at/]



--

- scut@nb.in-berlin.de - http://nb.in-berlin.de/scut/ - sacbuctd@ircnet  --

-- you don't need a lot of people to be great, you need a few great to be --

-- the best -----------------------------------------------------------------

--- nuclear arrival weapon spy agent remain undercover, hi echelon ----------