GLSA-200406-22 : Pavuk: Remote buffer overflow

high Nessus Plugin ID 14533

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200406-22 (Pavuk: Remote buffer overflow)

When Pavuk connects to a web server and the server sends back the HTTP status code 305 (Use Proxy), Pavuk copies data from the HTTP Location header in an unsafe manner.
Impact :

An attacker could cause a stack-based buffer overflow which could lead to arbitrary code execution with the rights of the user running Pavuk.
Workaround :

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

Solution

All Pavuk users should upgrade to the latest stable version:
# emerge sync # emerge -pv '>=net-misc/pavuk-0.9.28-r2' # emerge '>='net-misc/pavuk-0.9.28-r2

See Also

https://security.gentoo.org/glsa/200406-22

Plugin Details

Severity: High

ID: 14533

File Name: gentoo_GLSA-200406-22.nasl

Version: 1.15

Type: local

Published: 8/30/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:pavuk, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 6/30/2004

Vulnerability Publication Date: 6/30/2004

Reference Information

CVE: CVE-2004-0456

GLSA: 200406-22