FreeBSD Local Security Checks : FreeBSD Ports: neon

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52450

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: neon

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

neon
sitecopy

CVE-2004-0398
Heap-based buffer overflow in the ne_rfc1036_parse date parsing
function for the neon library (libneon) 0.24.5 and earlier, as used by
cadaver before 0.22, allows remote WebDAV servers to execute arbitrary
code on the client.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0398
BugTraq ID: 10385
http://www.securityfocus.com/bid/10385
Bugtraq: 20040519 Advisory 06/2004: libneon date parsing vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=108498433632333&w=2
Bugtraq: 20040519 [OpenPKG-SA-2004.024] OpenPKG Security Advisory (neon) (Google Search)
http://marc.info/?l=bugtraq&m=108500057108022&w=2
Computer Incident Advisory Center Bulletin: O-148
http://www.ciac.org/ciac/bulletins/o-148.shtml
Conectiva Linux advisory: CLA-2004:841
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000841
Debian Security Information: DSA-506 (Google Search)
http://www.debian.org/security/2004/dsa-506
Debian Security Information: DSA-507 (Google Search)
http://www.debian.org/security/2004/dsa-507
https://bugzilla.fedora.us/show_bug.cgi?id=1552
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html
http://security.gentoo.org/glsa/glsa-200405-13.xml
http://security.gentoo.org/glsa/glsa-200405-15.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:049
http://www.osvdb.org/6302
http://www.redhat.com/support/errata/RHSA-2004-191.html
http://secunia.com/advisories/11638
http://secunia.com/advisories/11650
http://secunia.com/advisories/11673
XForce ISS Database: neon-library-nerfc1036parse-bo(16192)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16192

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52450
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: neon
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: neon sitecopy CVE-2004-0398 Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0398 BugTraq ID: 10385 http://www.securityfocus.com/bid/10385 Bugtraq: 20040519 Advisory 06/2004: libneon date parsing vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108498433632333&w=2 Bugtraq: 20040519 [OpenPKG-SA-2004.024] OpenPKG Security Advisory (neon) (Google Search) http://marc.info/?l=bugtraq&m=108500057108022&w=2 Computer Incident Advisory Center Bulletin: O-148 http://www.ciac.org/ciac/bulletins/o-148.shtml Conectiva Linux advisory: CLA-2004:841 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000841 Debian Security Information: DSA-506 (Google Search) http://www.debian.org/security/2004/dsa-506 Debian Security Information: DSA-507 (Google Search) http://www.debian.org/security/2004/dsa-507 https://bugzilla.fedora.us/show_bug.cgi?id=1552 http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html http://security.gentoo.org/glsa/glsa-200405-13.xml http://security.gentoo.org/glsa/glsa-200405-15.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:049 http://www.osvdb.org/6302 http://www.redhat.com/support/errata/RHSA-2004-191.html http://secunia.com/advisories/11638 http://secunia.com/advisories/11650 http://secunia.com/advisories/11673 XForce ISS Database: neon-library-nerfc1036parse-bo(16192) https://exchange.xforce.ibmcloud.com/vulnerabilities/16192
Copyright	Copyright (C) 2008 E-Soft Inc.