MidnightBSD

Advisories for delegate

CVE-1999-1338 MEDIUM

Delegate proxy 5.9.3 and earlier creates files and directories in the DGROOT with world-writable permissions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
delegate delegate *

CVE-2001-1202 HIGH

Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary JavaScript on other clients via a URL that generates an error.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
delegate delegate 7.7.0
delegate delegate 7.8.0
delegate delegate 7.8.1
delegate delegate 7.7.1

CVE-2002-1781 HIGH

Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote attackers to execute arbitrary code, as demonstrated using a long USER command to the POP proxy.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
delegate delegate 7.7.0
delegate delegate 7.8.0
delegate delegate 7.8.1
delegate delegate 7.7.1

CVE-2004-0789 MEDIUM

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
team_johnlong raidendnsd *
pliant pliant_dns_server *
dnrd dnrd 2.9
delegate delegate 8.3.4
qbik wingate 6.0.1_build_993
maradns maradns 0.8.05
axis 2110_network_camera 2.32
delegate delegate 8.4.0
dnrd dnrd 1.2
posadis posadis 0.50.5
delegate delegate 8.9.4
dnrd dnrd 1.0
axis 2100_network_camera 2.01
axis 2120_network_camera 2.12
dnrd dnrd 2.0
axis 2401_video_server 3.12
axis 2110_network_camera 2.34
axis 2100_network_camera 2.30
delegate delegate 8.9.1
axis 2420_network_camera 2.12
axis 2420_network_camera 2.33
axis 2400_video_server 3.12
delegate delegate 7.8.2
axis 2110_network_camera 2.40
axis 2100_network_camera 2.34
axis 2420_network_camera 2.30
dnrd dnrd 2.8
axis 2110_network_camera 2.31
don_moore mydns 0.10.0
qbik wingate 6.0
maradns maradns 0.5.31
axis 2120_network_camera 2.34
qbik wingate 4.1_beta_a
posadis posadis 0.50.4
delegate delegate 8.9.2
axis 2100_network_camera 2.03
axis 2100_network_camera 2.40
dnrd dnrd 2.4
dnrd dnrd 1.1
axis 2420_network_camera 2.31
axis 2120_network_camera 2.32
dnrd dnrd 2.2
posadis posadis 0.60.0
maradns maradns 0.5.28
dnrd dnrd 2.1
delegate delegate 8.9.5
delegate delegate 8.5.0
axis 2110_network_camera 2.41
posadis posadis 0.50.7
posadis posadis 0.50.6
delegate delegate 7.8.0
qbik wingate 6.0.1_build_995
delegate delegate 7.9.11
delegate delegate 8.9.3
dnrd dnrd 2.5
posadis posadis 0.50.9
dnrd dnrd 2.7
posadis posadis 0.60.1
axis 2100_network_camera 2.33
axis 2110_network_camera 2.30
delegate delegate 7.7.0
don_moore mydns 0.6
posadis posadis m5pre1
dnrd dnrd 1.3
axis 2420_network_camera 2.41
axis 2420_network_camera 2.34
don_moore mydns 0.9
axis 2100_network_camera 2.32
qbik wingate 3.0
don_moore mydns 0.8
axis 2420_network_camera 2.40
axis 2100_network_camera 2.41
maradns maradns 0.5.29
axis 2100_network_camera 2.12
axis 2100_network_camera 2.02
axis 2120_network_camera 2.31
dnrd dnrd 1.4
maradns maradns 0.5.30
axis 2100_network_camera 2.0
dnrd dnrd 2.6
delegate delegate 8.9
axis 2110_network_camera 2.12
don_moore mydns 0.7
posadis posadis m5pre2
axis 2120_network_camera 2.40
axis 2100_network_camera 2.31
axis 2460_network_dvr 3.12
axis 2120_network_camera 2.30
dnrd dnrd 2.10
qbik wingate 4.0.1
delegate delegate 7.8.1
axis 2400_video_server 3.11
delegate delegate 7.7.1
axis 2420_network_camera 2.32
axis 2120_network_camera 2.41
delegate delegate 8.3.3
posadis posadis 0.50.8
dnrd dnrd 2.3

CVE-2004-2003 HIGH

Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
delegate delegate 8.9
delegate delegate 8.3.4
delegate delegate 8.9.1
delegate delegate 7.8.1
delegate delegate 7.7.1
delegate delegate 7.8.2
delegate delegate 8.4.0
delegate delegate 8.5.0
delegate delegate 8.9.2
delegate delegate 8.3.3
delegate delegate 7.7.0
delegate delegate 7.8.0
delegate delegate 7.9.11

CVE-2005-0036 MEDIUM

The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
delegate delegate 8.9
delegate delegate 8.10
delegate delegate 8.9.6
delegate delegate 8.10.1
delegate delegate 8.3.4
delegate delegate 8.9.1
delegate delegate 7.8.1
delegate delegate 7.7.1
etl delegate 5.9
delegate delegate 7.8.2
delegate delegate 8.4.0
delegate delegate 8.9.5
delegate delegate 8.5.0
delegate delegate 8.9.2
etl delegate 6.0
delegate delegate 8.3.3
delegate delegate 7.7.0
delegate delegate 7.8.0
delegate delegate *
delegate delegate 8.9.4
delegate delegate 7.9.11
delegate delegate 8.9.3
delegate delegate 5.9.3

CVE-2005-0861 HIGH

Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to "overflows on arrays."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
delegate delegate *

CVE-2006-2072 MEDIUM

Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS response messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
delegate delegate 8.11
delegate delegate 8.9
delegate delegate 8.11.5
delegate delegate 8.10.2
delegate delegate 8.10.6
delegate delegate 8.3.4
delegate delegate 8.11.4
delegate delegate 8.11.3
delegate delegate 8.10.5
delegate delegate 8.4.0
delegate delegate 8.9.2
delegate delegate 9.0.5
delegate delegate 7.7.0
delegate delegate 8.9.4
delegate delegate 8.11.1
delegate delegate 9.0.2
delegate delegate 8.10
delegate delegate 9.0.1
delegate delegate 9.0.3
delegate delegate 8.9.6
delegate delegate 8.10.1
delegate delegate 8.9.1
delegate delegate 7.8.1
delegate delegate 7.7.1
delegate delegate 8.10.4
delegate delegate 9.0.4
delegate delegate 8.10.3
delegate delegate 7.8.2
delegate delegate 8.9.5
delegate delegate 8.5.0
delegate delegate 8.3.3
delegate delegate 7.8.0
delegate delegate 8.11.2
delegate delegate 9.0
delegate delegate 7.9.11
delegate delegate 8.9.3

CVE-2015-7556 HIGH

DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269

Products Affected

Vendor Product Version
delegate delegate 9.9.13