Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0398

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0398
Last Modified 10 Sep 2008 03:26:13
Published 07 Jul 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0398

Summary

Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.

Vulnerable Systems

Application

  • Cadaver Webdav Client 0.20.0

  • Cadaver Webdav Client 0.20.1

  • Cadaver Webdav Client 0.20.2

  • Cadaver Webdav Client 0.20.3

  • Cadaver Webdav Client 0.20.4

  • Cadaver Webdav Client 0.20.5

  • Cadaver Webdav Client 0.21.0

  • Cadaver Webdav Client 0.22.0

  • Cadaver Webdav Client 0.22.1

  • Neon Client Library 0.19.3

  • Neon Client Library 0.23

  • Neon Client Library 0.23.1

  • Neon Client Library 0.23.2

  • Neon Client Library 0.23.3

  • Neon Client Library 0.23.4

  • Neon Client Library 0.23.5

  • Neon Client Library 0.23.6

  • Neon Client Library 0.23.7

  • Neon Client Library 0.23.8

  • Neon Client Library 0.24

  • Neon Client Library 0.24.1

  • Neon Client Library 0.24.2

  • Neon Client Library 0.24.3

  • Neon Client Library 0.24.4

  • Openoffice 1.1.2

  • Subversion


References

FEDORA - FEDORA-2004-1552

XF - neon-library-nerfc1036parse-bo(16192)

BID - 10385

REDHAT - RHSA-2004:191

DEBIAN - DSA-507

DEBIAN - DSA-506

GENTOO - GLSA-200405-15

GENTOO - GLSA-200405-13

SECUNIA - 11673

SECUNIA - 11650

SECUNIA - 11638

OSVDB - 6302

CIAC - O-148

CONECTIVA - CLA-2004:841

FULLDISC - 20040519 Advisory 06/2004: libneon date parsing vulnerability

MANDRAKE - MDKSA-2004:049

BUGTRAQ - 20040519 [OpenPKG-SA-2004.024] OpenPKG Security Advisory (neon)


Last Updated: 27 May 2016 10:38:35