GLSA-200406-03 : sitecopy: Multiple vulnerabilities in included libneon

medium Nessus Plugin ID 14514

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200406-03 (sitecopy: Multiple vulnerabilities in included libneon).

Multiple format string vulnerabilities and a heap overflow vulnerability were discovered in the code of the neon library (GLSA 200405-01 and 200405-13). Current versions of the sitecopy package include their own version of this library.

Impact :

When connected to a malicious WebDAV server, these vulnerabilities could allow execution of arbitrary code with the rights of the user running sitecopy.

Workaround :

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of sitecopy.

Solution

All sitecopy users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=net-misc/sitecopy-0.13.4-r2'
# emerge '>=net-misc/sitecopy-0.13.4-r2'

See Also

https://security.gentoo.org/glsa/200405-01

https://security.gentoo.org/glsa/200405-13

https://security.gentoo.org/glsa/200406-03

Plugin Details

Severity: Medium

ID: 14514

File Name: gentoo_GLSA-200406-03.nasl

Version: 1.18

Type: local

Published: 8/30/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:sitecopy, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 6/5/2004

Reference Information

GLSA: 200406-03