Vulnerabilities > CVE-2004-0398 - Heap Overflow vulnerability in Neon WebDAV Client Library ne_rfc1036_parse Function
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
Vulnerable Configurations
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_NEON_0245_1.NASL description The following package needs to be updated: neon last seen 2016-09-26 modified 2004-07-06 plugin id 12586 published 2004-07-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=12586 title FreeBSD : neon date parsing vulnerability (128) NASL family Fedora Local Security Checks NASL id FEDORA_2004-130.NASL description Stefan Esser discovered a flaw in the neon library which allows a heap buffer overflow in a date parsing routine. An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client should a user connect to it using a neon-based application which uses the date parsing routines, such as cadaver. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0398 to this issue. This update includes packages with a patch for this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 13705 published 2004-07-23 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13705 title Fedora Core 2 : neon-0.24.5-2.2 (2004-130) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200405-15.NASL description The remote host is affected by the vulnerability described in GLSA-200405-15 (cadaver heap-based buffer overflow) Stefan Esser discovered a vulnerability in the code of the neon library (see GLSA 200405-13). This library is also included in cadaver. Impact : When connected to a malicious WebDAV server, this vulnerability could allow remote execution of arbitrary code with the rights of the user running cadaver. Workaround : There is no known workaround at this time. All users are advised to upgrade to the latest available version of cadaver. last seen 2020-06-01 modified 2020-06-02 plugin id 14501 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/14501 title GLSA-200405-15 : cadaver heap-based buffer overflow NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-191.NASL description An updated cadaver package is now available that fixes a vulnerability in neon which could be exploitable by a malicious DAV server. cadaver is a command-line WebDAV client that uses inbuilt code from neon, an HTTP and WebDAV client library. Stefan Esser discovered a flaw in the neon library which allows a heap buffer overflow in a date parsing routine. An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client should a user connect to it using cadaver. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0398 to this issue. Users of cadaver are advised to upgrade to this updated package, which contains a patch correcting this issue. This issue does not affect Red Hat Enterprise Linux 3. last seen 2020-06-01 modified 2020-06-02 plugin id 12496 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12496 title RHEL 2.1 : cadaver (RHSA-2004:191) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-049.NASL description It was discovered that in portions of neon, sscanf() is used in an unsafe manner. This will result in an overflow of a static heap variable. The updated packages provide a patched libneon to correct these problems. last seen 2020-06-01 modified 2020-06-02 plugin id 14148 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14148 title Mandrake Linux Security Advisory : libneon (MDKSA-2004:049) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200405-13.NASL description The remote host is affected by the vulnerability described in GLSA-200405-13 (neon heap-based buffer overflow) Stefan Esser discovered a vulnerability in the code of the neon library : if a malicious date string is passed to the ne_rfc1036_parse() function, it can trigger a string overflow into static heap variables. Impact : Depending on the application linked against libneon and when connected to a malicious WebDAV server, this vulnerability could allow execution of arbitrary code with the rights of the user running that application. Workaround : There is no known workaround at this time. All users are advised to upgrade to the latest available version of neon. last seen 2020-06-01 modified 2020-06-02 plugin id 14499 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14499 title GLSA-200405-13 : neon heap-based buffer overflow NASL family Fedora Local Security Checks NASL id FEDORA_2004-129.NASL description Stefan Esser discovered a flaw in the neon library which allows a heap buffer overflow in a date parsing routine. An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client should a user connect to it using a neon-based application which uses the date parsing routines, such as cadaver. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0398 to this issue. This update includes packages with a patch for this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 13704 published 2004-07-23 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13704 title Fedora Core 1 : neon-0.24.5-2.1 (2004-129) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-078.NASL description The OpenOffice.org office suite contains an internal libneon library which allows it to connect to WebDAV servers. This internal library is subject to the same vulnerabilities that were fixed in libneon recently. These updated packages contain fixes to libneon to correct the several format string vulnerabilities in it, as well as a heap-based buffer overflow vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 14176 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14176 title Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2004:078) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-507.NASL description Stefan Esser discovered a problem in neon, an HTTP and WebDAV client library, which is also present in cadaver, a command-line client for WebDAV server. User input is copied into variables not large enough for all cases. This can lead to an overflow of a static heap variable. last seen 2020-06-01 modified 2020-06-02 plugin id 15344 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15344 title Debian DSA-507-1 : cadaver - buffer overflow NASL family Debian Local Security Checks NASL id DEBIAN_DSA-506.NASL description Stefan Esser discovered a problem in neon, an HTTP and WebDAV client library. User input is copied into variables not large enough for all cases. This can lead to an overflow of a static heap variable. last seen 2020-06-01 modified 2020-06-02 plugin id 15343 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15343 title Debian DSA-506-1 : neon - buffer overflow NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_8D075001A9CE11D89C6D0020ED76EF5A.NASL description Stefan Esser reports : A vulnerability within a libneon date parsing function could cause a heap overflow which could lead to remote code execution, depending on the application using libneon. The vulnerability is in the function ne_rfc1036_parse, which is in turn used by the function ne_httpdate_parse. Applications using either of these neon functions may be vulnerable. last seen 2020-06-01 modified 2020-06-02 plugin id 38015 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38015 title FreeBSD : neon date parsing vulnerability (8d075001-a9ce-11d8-9c6d-0020ed76ef5a)
Redhat
| advisories |
|
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000841
- http://marc.info/?l=bugtraq&m=108498433632333&w=2
- http://marc.info/?l=bugtraq&m=108500057108022&w=2
- http://secunia.com/advisories/11638
- http://secunia.com/advisories/11650
- http://secunia.com/advisories/11673
- http://security.gentoo.org/glsa/glsa-200405-13.xml
- http://security.gentoo.org/glsa/glsa-200405-15.xml
- http://www.ciac.org/ciac/bulletins/o-148.shtml
- http://www.debian.org/security/2004/dsa-506
- http://www.debian.org/security/2004/dsa-507
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:049
- http://www.osvdb.org/6302
- http://www.redhat.com/support/errata/RHSA-2004-191.html
- http://www.securityfocus.com/bid/10385
- https://bugzilla.fedora.us/show_bug.cgi?id=1552
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16192