Vulnerabilities > CVE-2008-3746 - Denial Of Service vulnerability in Webdav Neon 0.28.0/0.28.1/0.28.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-074.NASL description A security vulnerability has been identified and fixed in neon : neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication and Digest domain parameter support (CVE-2008-3746). The updated packages have been upgraded to version 0.28.3 to prevent this. last seen 2020-06-01 modified 2020-06-02 plugin id 37634 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37634 title Mandriva Linux Security Advisory : libneon0.27 (MDVSA-2009:074) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2009:074. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(37634); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:51"); script_cve_id("CVE-2008-3746"); script_bugtraq_id(30710); script_xref(name:"MDVSA", value:"2009:074"); script_name(english:"Mandriva Linux Security Advisory : libneon0.27 (MDVSA-2009:074)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A security vulnerability has been identified and fixed in neon : neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication and Digest domain parameter support (CVE-2008-3746). The updated packages have been upgraded to version 0.28.3 to prevent this." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64neon0.27"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64neon0.27-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64neon0.27-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libneon0.27"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libneon0.27-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libneon0.27-static-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.1"); script_set_attribute(attribute:"patch_publication_date", value:"2009/03/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64neon0.27-0.28.3-0.1mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64neon0.27-devel-0.28.3-0.1mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", cpu:"x86_64", reference:"lib64neon0.27-static-devel-0.28.3-0.1mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libneon0.27-0.28.3-0.1mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libneon0.27-devel-0.28.3-0.1mdv2008.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.1", cpu:"i386", reference:"libneon0.27-static-devel-0.28.3-0.1mdv2008.1", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-835-1.NASL description Joe Orton discovered that neon did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 41046 published 2009-09-22 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41046 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : neon, neon27 vulnerabilities (USN-835-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-835-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(41046); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:33:02"); script_cve_id("CVE-2008-3746", "CVE-2009-2474"); script_bugtraq_id(30710, 36079); script_xref(name:"USN", value:"835-1"); script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : neon, neon27 vulnerabilities (USN-835-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Joe Orton discovered that neon did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/835-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libneon25"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libneon25-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libneon25-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libneon27"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libneon27-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libneon27-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libneon27-gnutls"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libneon27-gnutls-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libneon27-gnutls-dev"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04"); script_set_attribute(attribute:"patch_publication_date", value:"2009/09/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|8\.04|8\.10|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 8.10 / 9.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"libneon25", pkgver:"0.25.5.dfsg-5ubuntu0.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libneon25-dbg", pkgver:"0.25.5.dfsg-5ubuntu0.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libneon25-dev", pkgver:"0.25.5.dfsg-5ubuntu0.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libneon27", pkgver:"0.27.2-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libneon27-dbg", pkgver:"0.27.2-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libneon27-dev", pkgver:"0.27.2-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libneon27-gnutls", pkgver:"0.27.2-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libneon27-gnutls-dbg", pkgver:"0.27.2-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libneon27-gnutls-dev", pkgver:"0.27.2-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libneon27", pkgver:"0.28.2-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libneon27-dbg", pkgver:"0.28.2-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libneon27-dev", pkgver:"0.28.2-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libneon27-gnutls", pkgver:"0.28.2-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libneon27-gnutls-dbg", pkgver:"0.28.2-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libneon27-gnutls-dev", pkgver:"0.28.2-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libneon25-dev", pkgver:"0.28.2-6.1ubuntu0.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libneon27", pkgver:"0.28.2-6.1ubuntu0.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libneon27-dbg", pkgver:"0.28.2-6.1ubuntu0.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libneon27-dev", pkgver:"0.28.2-6.1ubuntu0.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libneon27-gnutls", pkgver:"0.28.2-6.1ubuntu0.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libneon27-gnutls-dbg", pkgver:"0.28.2-6.1ubuntu0.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libneon27-gnutls-dev", pkgver:"0.28.2-6.1ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libneon25 / libneon25-dbg / libneon25-dev / libneon27 / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_11_0_LIBNEON-DEVEL-080821.NASL description This update of neon fixes a NULL pointer dereference in the digest authentication code. (CVE-2008-3746) last seen 2020-06-01 modified 2020-06-02 plugin id 40028 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40028 title openSUSE Security Update : libneon-devel (libneon-devel-166) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libneon-devel-166. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(40028); script_version("1.11"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-3746"); script_name(english:"openSUSE Security Update : libneon-devel (libneon-devel-166)"); script_summary(english:"Check for the libneon-devel-166 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of neon fixes a NULL pointer dereference in the digest authentication code. (CVE-2008-3746)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=419075" ); script_set_attribute( attribute:"solution", value:"Update the affected libneon-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libneon-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libneon27"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libneon27-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:neon"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/08/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"libneon-devel-0.28.2-17.2") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"libneon27-0.28.2-17.2") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"neon-0.28.2-17.2") ) flag++; if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"libneon27-32bit-0.28.2-17.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "neon"); }NASL family Fedora Local Security Checks NASL id FEDORA_2008-7661.NASL description This update includes the latest release of neon, fixing a security issue in the Digest authentication domain parameter support. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 34422 published 2008-10-16 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34422 title Fedora 9 : neon-0.28.3-1.fc9 (2008-7661) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-7661. # include("compat.inc"); if (description) { script_id(34422); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:28"); script_cve_id("CVE-2008-3746"); script_bugtraq_id(30710); script_xref(name:"FEDORA", value:"2008-7661"); script_name(english:"Fedora 9 : neon-0.28.3-1.fc9 (2008-7661)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update includes the latest release of neon, fixing a security issue in the Digest authentication domain parameter support. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=459620" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-October/015307.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?805cf847" ); script_set_attribute(attribute:"solution", value:"Update the affected neon package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:neon"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9"); script_set_attribute(attribute:"patch_publication_date", value:"2008/10/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/10/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC9", reference:"neon-0.28.3-1.fc9")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "neon"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_755FA51980A911DD8DE50030843D3802.NASL description Joe Orton reports : A NULL pointer deference in the Digest authentication support in neon versions 0.28.0 through 0.28.2 inclusive allows a malicious server to crash a client application, resulting in possible denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 34188 published 2008-09-12 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34188 title FreeBSD : neon -- NULL pointer dereference in Digest domain support (755fa519-80a9-11dd-8de5-0030843d3802) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(34188); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:39"); script_cve_id("CVE-2008-3746"); script_bugtraq_id(30710); script_name(english:"FreeBSD : neon -- NULL pointer dereference in Digest domain support (755fa519-80a9-11dd-8de5-0030843d3802)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Joe Orton reports : A NULL pointer deference in the Digest authentication support in neon versions 0.28.0 through 0.28.2 inclusive allows a malicious server to crash a client application, resulting in possible denial of service." ); # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571 script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571" ); script_set_attribute( attribute:"see_also", value:"http://lists.manyfish.co.uk/pipermail/neon/2008-August/000040.html" ); # https://vuxml.freebsd.org/freebsd/755fa519-80a9-11dd-8de5-0030843d3802.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?50cb126a" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:neon28"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/08/15"); script_set_attribute(attribute:"patch_publication_date", value:"2008/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"neon28<0.28.3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Statements
| contributor | Tomas Hoger |
| lastmodified | 2008-08-28 |
| organization | Red Hat |
| statement | Not vulnerable. This issue did not affect the versions of neon as shipped with Red Hat Enterprise Linux 4, or 5. |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571
- http://lists.manyfish.co.uk/pipermail/neon/2008-August/000038.html
- http://lists.manyfish.co.uk/pipermail/neon/2008-August/000040.html
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- http://secunia.com/advisories/31508
- http://secunia.com/advisories/31687
- http://secunia.com/advisories/32286
- http://secunia.com/advisories/36799
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:074
- http://www.openwall.com/lists/oss-security/2008/08/15/4
- http://www.openwall.com/lists/oss-security/2008/08/20/2
- http://www.openwall.com/lists/oss-security/2008/08/20/5
- http://www.securityfocus.com/bid/30710
- http://www.securitytracker.com/id?1020725
- http://www.ubuntu.com/usn/usn-835-1
- http://www.vupen.com/english/advisories/2008/2420
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44511
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00367.html