Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2012-4504
Last Modified 04 Jun 2013 11:38:00
Published 11 Nov 2012 08:00:48
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4504

Summary

Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.

Vulnerable Systems

Application

  • Libproxy Project Libproxy 0.4.0

  • Libproxy Project Libproxy 0.4.1

  • Libproxy Project Libproxy 0.4.2

  • Libproxy Project Libproxy 0.4.3

  • Libproxy Project Libproxy 0.4.5

  • Libproxy Project Libproxy 0.4.6

  • Libproxy Project Libproxy 0.4.7

  • Libproxy Project Libproxy 0.4.8


References

CONFIRM - https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=864417

MLIST - [oss-security] 20121016 Re: libproxy PAC downloading buffer overflows

MLIST - [oss-security] 20121012 Re: libproxy PAC downloading buffer overflows

MLIST - [oss-security] 20121012 libproxy PAC downloading buffer overflows

SECUNIA - 51048

SUSE - openSUSE-SU-2012:1375

MISC - http://code.google.com/p/libproxy/source/detail?r=853

UBUNTU - USN-1629-1

BID - 55909

XF - libproxy-urlgetpac-bo(79249)


Last Updated: 27 May 2016 10:58:27