CVE-2004-2003
DeleGate < 8.9.2 - Buffer Overflow via SSL Certificate Subject or Issuer Name
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-2003. PoCs published by Joel Eriksson.
AI-analyzed exploit summary This exploit demonstrates a buffer overflow in DeleGate's SSLway filter by crafting a malicious X.509 certificate with oversized OU fields. The PoC uses OpenSSL to generate a certificate that triggers the overflow in the ssl_prcert() function.
Description
Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field.
Exploits (1)
This exploit demonstrates a buffer overflow in DeleGate's SSLway filter by crafting a malicious X.509 certificate with oversized OU fields. The PoC uses OpenSSL to generate a certificate that triggers the overflow in the ssl_prcert() function.