 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.50321 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 1 FEDORA-2004-129 (neon) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to neon announced via advisory FEDORA-2004-129. neon is an HTTP and WebDAV client library, with a C interface providing a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support. Update Information: Stefan Esser discovered a flaw in the neon library which allows a heap buffer overflow in a date parsing routine. An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client should a user connect to it using a neon-based application which uses the date parsing routines, such as cadaver. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0398 to this issue. This update includes packages with a patch for this issue. * Sun May 16 2004 Joe Orton - add security fix for CVE CVE-2004-0398 This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 71f0ddffbe8b5171b2fa2d93e55f8e35 SRPMS/neon-0.24.5-2.1.src.rpm c215af0bae2c90672573090fee1ec706 i386/neon-0.24.5-2.1.i386.rpm 89c59069a0b48258b8b5f8cc66be5bf7 i386/neon-devel-0.24.5-2.1.i386.rpm f7d813c7a96814072b097f15692771e9 i386/debug/neon-debuginfo-0.24.5-2.1.i386.rpm 841d910930f3def3f0202570b8c984a6 x86_64/neon-0.24.5-2.1.x86_64.rpm 92cc5ffa0588fe59bdd976308ea52971 x86_64/neon-devel-0.24.5-2.1.x86_64.rpm 03c24e6f0cd267e655a40127696a71b6 x86_64/debug/neon-debuginfo-0.24.5-2.1.x86_64.rpm This update can also be installed with the Update Agent you can launch the Update Agent with the 'up2date' command. Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-129.shtml Risk factor : High CVSS Score: 7.5 |
| Cross-Ref: |
BugTraq ID: 10385 Common Vulnerability Exposure (CVE) ID: CVE-2004-0398 http://www.securityfocus.com/bid/10385 Bugtraq: 20040519 Advisory 06/2004: libneon date parsing vulnerability (Google Search) http://marc.info/?l=bugtraq&m=108498433632333&w=2 Bugtraq: 20040519 [OpenPKG-SA-2004.024] OpenPKG Security Advisory (neon) (Google Search) http://marc.info/?l=bugtraq&m=108500057108022&w=2 Computer Incident Advisory Center Bulletin: O-148 http://www.ciac.org/ciac/bulletins/o-148.shtml Conectiva Linux advisory: CLA-2004:841 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000841 Debian Security Information: DSA-506 (Google Search) http://www.debian.org/security/2004/dsa-506 Debian Security Information: DSA-507 (Google Search) http://www.debian.org/security/2004/dsa-507 https://bugzilla.fedora.us/show_bug.cgi?id=1552 http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html http://security.gentoo.org/glsa/glsa-200405-13.xml http://security.gentoo.org/glsa/glsa-200405-15.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:049 http://www.osvdb.org/6302 http://www.redhat.com/support/errata/RHSA-2004-191.html http://secunia.com/advisories/11638 http://secunia.com/advisories/11650 http://secunia.com/advisories/11673 XForce ISS Database: neon-library-nerfc1036parse-bo(16192) https://exchange.xforce.ibmcloud.com/vulnerabilities/16192 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |