GLSA
Bodhisattva
Joined: 13 Jun 2003
Posts: 4087
Location: Dresden, Germany
|
 Posted: Sun May 09, 2004 5:19 pm Post subject: [ GLSA 200405-01 ] Multiple format string vulnerabilities in |
 |
|
Gentoo Linux Security Advisory
Title: Multiple format string vulnerabilities in neon 0.24.4 and earlier (GLSA 200405-01)
Severity: normal
Exploitable: remote
Date: May 09, 2004
Bug(s): #48448
ID: 200405-01
Synopsis
There are multiple format string vulnerabilities in libneon which may allow
a malicious WebDAV server to execute arbitrary code.
Background
neon provides an HTTP and WebDAV client library.
Affected Packages
Package: net-misc/neon
Vulnerable: <= 0.24.4
Unaffected: >= 0.24.5
Architectures: All supported architectures
Description
There are multiple format string vulnerabilities in libneon which may allow
a malicious WebDAV server to execute arbitrary code under the context of
the process using libneon.
Impact
An attacker may be able to execute arbitrary code under the context of the
process using libneon.
Workaround
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
Resolution
Neon users should upgrade to version 0.24.5 or later:
| Code: | # emerge sync
# emerge -pv ">=net-misc/neon-0.24.5"
# emerge ">=net-misc/neon-0.24.5" |
References
CVE
Last edited by GLSA on Fri Mar 14, 2014 4:16 am; edited 3 times in total |
|
News & Announcements
