Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200504-09] Axel: Vulnerability in HTTP redirection handling


Vulnerability Assessment Details

[GLSA-200504-09] Axel: Vulnerability in HTTP redirection handling

Vulnerability Assessment Summary
Axel: Vulnerability in HTTP redirection handling

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200504-09
(Axel: Vulnerability in HTTP redirection handling)


A possible buffer overflow has been reported in the HTTP
redirection handling code in conn.c.

Impact

A remote attacker could exploit this vulnerability by setting up a
malicious site and enticing a user to connect to it. This could
possibly lead to the execution of arbitrary code with the permissions
of the user running Axel.

Workaround

There is no known workaround at this time.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0390


Solution:
All Axel users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/axel-1.0b"


Network Security Threat Level: Medium


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi

Cables, Connectors

Dell Precision T3600 Xeon E5-1607 3GHz 16GB RAM 1TB NVIDIA NVS 310 LOCAL PICKUP
$29.99
Dell Precision T3600 Xeon E5-1607 3GHz 16GB RAM 1TB NVIDIA NVS 310 LOCAL PICKUP pictureSR1XR INTEL XEON E5-2660V3 2.60GHZ 10 CORES 25MB 9.6 GT/s 105W
$200.0
SR1XR INTEL XEON E5-2660V3 2.60GHZ 10 CORES 25MB 9.6 GT/s 105W pictureTwo Intel Xeon E5-2650 Socket R LGA-2011 2 GHz Eight Core Processor
$60.0
Two Intel Xeon E5-2650 Socket R LGA-2011 2 GHz Eight Core Processor pictureTwo Intel Xeon E5-2660 2.2GHz Eight Core (CM8062107184801) Processor
$70.0
Two Intel Xeon E5-2660 2.2GHz Eight Core (CM8062107184801) Processor picture


Discussions

No Discussions have been posted on this vulnerability.