Vulnerabilities > CVE-2001-0440

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

conectiva

licq

mandrakesoft

nessus

exploit available

NVD

Published: 2001-07-02

Updated: 2024-11-20

Summary

Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.

Vulnerable Configurations

Part	Description	Count
OS	Conectiva Conectiva Linux 4.2 Conectiva Linux 4.1 Conectiva Linux 6.0 Conectiva Linux 5.1 Conectiva Linux Ecommerce Conectiva Linux 4.0Es Conectiva Linux Prg_Graficos Conectiva Linux 5.0 Conectiva Linux 4.0	9
OS	Mandrakesoft Mandrakesoft Mandrake Linux 7.2 Mandrakesoft Mandrake Linux 7.1	2
Application	Licq Licq Licq *	1

Exploit-Db

description	LICQ 0.85/1.0.1/1.0.2 Remote Buffer Overflow Vulnerability. CVE-2001-0440 . Remote exploit for unix platform
id	EDB-ID:20646
last seen	2016-02-02
modified	2000-12-26
published	2000-12-26
reporter	Stan Bubrouski
source	https://www.exploit-db.com/download/20646/
title	LICQ 0.85/1.0.1/1.0.2 - Remote Buffer Overflow Vulnerability

Nessus

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2001-032.NASL
description	Versions of Licq prior to 1.0.3 have a vulnerability involving the way Licq parses received URLs. The received URLs are passed to the web browser without any sanity checking by using the system() function. Because of the lack of checks on the URL, remote attackers can pipe other commands with the sent URLs causing the client to unwillingly execute arbitrary commands. The URL parsing code has been fixed in the most recent 1.0.3 version. Users of Linux-Mandrake 7.1 and Corporate Server 1.0.1 will have to manually remove the licq-data package by using
last seen	2020-06-01
modified	2020-06-02
plugin id	61906
published	2012-09-06
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/61906
title	Mandrake Linux Security Advisory : licq (MDKSA-2001:032-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2001:032. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(61906); script_version("1.5"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2001-0439", "CVE-2001-0440"); script_xref(name:"MDKSA", value:"2001:032-1"); script_name(english:"Mandrake Linux Security Advisory : licq (MDKSA-2001:032-1)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Versions of Licq prior to 1.0.3 have a vulnerability involving the way Licq parses received URLs. The received URLs are passed to the web browser without any sanity checking by using the system() function. Because of the lack of checks on the URL, remote attackers can pipe other commands with the sent URLs causing the client to unwillingly execute arbitrary commands. The URL parsing code has been fixed in the most recent 1.0.3 version. Users of Linux-Mandrake 7.1 and Corporate Server 1.0.1 will have to manually remove the licq-data package by using 'rpm -e licq-data' prior to upgrading. Update : The Licq update for Linux-Mandrake 7.2 was built against the qt2 libraries available in MandrakeFreq. As such, the previously released Licq packages will be made available in MandrakeFreq and users of Linux-Mandrake 7.2 without MandrakeFreq or the 'unsupported' updates applied should use these new packages." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:licq"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:licq-autoreply"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:licq-console"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:licq-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:licq-forwarder"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:licq-rms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:licq-update-hosts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2"); script_set_attribute(attribute:"patch_publication_date", value:"2001/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"licq-1.0.3-2.3mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"licq-autoreply-1.0.3-2.3mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"licq-console-1.0.3-2.3mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"licq-devel-1.0.3-2.3mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"licq-forwarder-1.0.3-2.3mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"licq-rms-1.0.3-2.3mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"licq-update-hosts-1.0.3-2.3mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Redhat

advisories

rhsa
id RHSA-2001:022
rhsa
id RHSA-2001:023

Vulnerabilities > CVE-2001-0440 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2001-0440"}]}

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Redhat

References

Vulnerabilities > CVE-2001-0440