Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2012-4505
Last Modified 10 Apr 2013 11:31:00
Published 11 Nov 2012 08:00:49
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4505

Summary

Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504.

Vulnerable Systems

Application

  • Libproxy Project Libproxy 0.2.3

  • Libproxy Project Libproxy 0.3.0

  • Libproxy Project Libproxy 0.3.1


References

CONFIRM - https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=864612

BID - 55910

MLIST - [oss-security] 20121016 Re: libproxy PAC downloading buffer overflows

MLIST - [oss-security] 20121012 Re: libproxy PAC downloading buffer overflows

MLIST - [oss-security] 20121012 libproxy PAC downloading buffer overflows

DEBIAN - DSA-2571

SECUNIA - 51180

SECUNIA - 51048

SUSE - openSUSE-SU-2012:1375

UBUNTU - USN-1629-1

REDHAT - RHSA-2012:1461

SECUNIA - 51308

Related Patches

Novell SUSE 2012:7092 libproxy security update for SLE 11 SP2 i586

Novell SUSE 2012:7092 libproxy security update for SLE 11 SP2 x86_64


Last Updated: 27 May 2016 10:58:27