CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2015-7556 – DeleGate 9.9.13 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-7556
DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program. DeleGate versión 9.9.13, permite a usuarios locales alcanzar privilegios como es demostrado por el programa dgcpnod setuid. Installation of DeleGate version 9.9.13 sets some binaries setuid root and at least one of these binaries can be used to escalate the privileges of a local user. The binary dgcpnod creates a node allowing a local unprivileged user to create files anywhere on disk. By creating a file in /etc/cron.hourly a local user can execute commands as root. • https://www.exploit-db.com/exploits/39134 http://seclists.org/fulldisclosure/2015/Dec/123 http://www.vapidlabs.com/advisory.php?v=159 • CWE-269: Improper Privilege Management •
CVSS: 5.0EPSS: 3%CPEs: 36EXPL: 0CVE-2006-2072
https://notcve.org/view.php?id=CVE-2006-2072
Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite. • http://secunia.com/advisories/19750 http://securitytracker.com/id?1015991 http://www.kb.cert.org/vuls/id/955777 http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en http://www.securityfocus.com/bid/17691 http://www.vupen.com/english/advisories/2006/1505 http://www.vupen.com/english/advisories/2006/1506 https://exchange.xforce.ibmcloud.com/vulnerabilities/26081 •
CVSS: 5.0EPSS: 1%CPEs: 23EXPL: 0CVE-2005-0036
https://notcve.org/view.php?id=CVE-2005-0036
The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. • http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en http://www.osvdb.org/25291 http://www.securityfocus.com/bid/13729 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0861
https://notcve.org/view.php?id=CVE-2005-0861
Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to "overflows on arrays." • http://secunia.com/advisories/14649 http://www.delegate.org/mail-lists/delegate-en/2840 https://exchange.xforce.ibmcloud.com/vulnerabilities/19775 •
CVSS: 5.0EPSS: 1%CPEs: 98EXPL: 0CVE-2004-0789
https://notcve.org/view.php?id=CVE-2004-0789
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet. • http://secunia.com/advisories/13145 http://securitytracker.com/id?1012157 http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf http://www.posadis.org/advisories/pos_adv_006.txt http://www.securityfocus.com/bid/11642 https://exchange.xforce.ibmcloud.com/vulnerabilities/17997 •