CVE-2004-0398

Sažetak

Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000841
http://marc.info/?l=bugtraq&m=108498433632333&w=2
http://marc.info/?l=bugtraq&m=108500057108022&w=2
http://secunia.com/advisories/11638
http://secunia.com/advisories/11650
http://secunia.com/advisories/11673
http://security.gentoo.org/glsa/glsa-200405-13.xml
http://security.gentoo.org/glsa/glsa-200405-15.xml
http://www.ciac.org/ciac/bulletins/o-148.shtml
http://www.debian.org/security/2004/dsa-506
http://www.debian.org/security/2004/dsa-507
http://www.mandriva.com/security/advisories?name=MDKSA-2004:049
http://www.osvdb.org/6302
http://www.redhat.com/support/errata/RHSA-2004-191.html
http://www.securityfocus.com/bid/10385
https://bugzilla.fedora.us/show_bug.cgi?id=1552
https://exchange.xforce.ibmcloud.com/vulnerabilities/16192

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-10-2020 - 17:06

Objavljeno

07-07-2004 - 04:00