Article delegate-en/3546 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] delegate security flaw [Virus checked]
18 Oct 2006 09:38:59 GMT p3igqbdyi-rn3efjjwyhtr.ml@ml.delegate.org


hello yutaka,

i recently discovered a security flaw which is related to the delegate permission control.

although using a filter like FCL="sslway ..... -Vrfy", when running in master mode, clients which are rejected by the ssl-layer still cause delegate to open a connection to a destination server. this can and has been used to accomplish ddos. the FCL should reject the connection establishment to an arbitrary server before rejecting the ssl handshake. in case you need log files for forensic analysis, i will post them. for now, i strongly recommend everyone to shut down delegate master services until this one is fixed :-)

greetz from germany :-))


martin papapadopoulos
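
Added example, not part of the original message and not DeleGate code: a small loopback model of the ordering problem reported above, comparing a relay that dials the destination before the client verdict with one that applies the verdict first. All function names are hypothetical, and a simple identity check stands in for the certificate verification that `sslway -Vrfy` performs.

```python
import socket

def verify_client(presented, trusted):
    """Assumed stand-in for the filter's verdict on the client's identity."""
    return presented in trusted

def relay_connect_first(presented, trusted, dest):
    """Ordering described in the report: dial the destination, then check the client."""
    upstream = socket.create_connection(dest, timeout=2)
    try:
        # A rejected client has already cost the destination one connection.
        return verify_client(presented, trusted)
    finally:
        upstream.close()

def relay_verify_first(presented, trusted, dest):
    """Hardened ordering: a rejected client never causes an outbound connection."""
    if not verify_client(presented, trusted):
        return False
    with socket.create_connection(dest, timeout=2):
        return True

def count_upstream_connections(relay, clients, trusted):
    """Run `relay` for each client against a loopback listener that plays the
    destination server, and return how many connections that listener received."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # ephemeral port, loopback only
    listener.listen(32)
    dest = listener.getsockname()
    try:
        for client in clients:
            relay(client, trusted, dest)
        listener.settimeout(0.3)      # drain the accept queue, then stop
        seen = 0
        while True:
            try:
                conn, _ = listener.accept()
            except socket.timeout:
                return seen
            conn.close()
            seen += 1
    finally:
        listener.close()

if __name__ == "__main__":
    # Constructed sample: five rejected clients and one trusted client.
    clients = ["untrusted"] * 5 + ["trusted-client"]
    trusted = {"trusted-client"}
    for relay in (relay_connect_first, relay_verify_first):
        print(relay.__name__, count_upstream_connections(relay, clients, trusted))
```

The count for the connect-first relay grows with every rejected client, which is the behaviour to look for when comparing filter rejections against outbound connections in a relay's logs.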
