Vulnerability Assessment & Network Security Forums
If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

[GLSA-200405-13] neon heap-based buffer overflow

Detailed Explanation for this Vulnerability Assessment

The remote host is affected by the vulnerability described in GLSA-200405-13 (neon heap-based buffer overflow).

Stefan Esser discovered a vulnerability in the code of the neon library: if a malicious date string is passed to the ne_rfc1036_parse() function, it can trigger a string overflow into static heap variables.

Impact

Depending on the application linked against libneon and when connected to a malicious WebDAV server, this vulnerability could permit execution of arbitrary code with the rights of the user running that application.

Workaround

There is no known workaround at this time. All users are advised to upgrade to the latest available version of neon.

References:

http://security.e-matters.de/advisories/062004.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0398

Solution:

All users of neon should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv ">=net-misc/neon-0.24.6"
    # emerge ">=net-misc/neon-0.24.6"

Network Security Threat Level: Medium

Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi