Detections
Analytics

Debian DSA-527-1 : pavuk - buffer overflow

high Nessus Plugin ID 15364

Synopsis

The remote Debian host is missing a security-related update.

Description

Ulf Harnhammar discovered a vulnerability in pavuk, a file retrieval program, whereby an oversized HTTP 305 response sent by a malicious server could cause arbitrary code to be executed with the privileges of the pavuk process.

Solution

For the current stable distribution (woody), this problem has been fixed in version 0.9pl28-1woody1.

pavuk is no longer included in the unstable distribution of Debian.

We recommend that you update your pavuk package.

See Also

http://www.debian.org/security/2004/dsa-527

Plugin Details

Severity: High

ID: 15364

File Name: debian_DSA-527.nasl

Version: 1.23

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:pavuk, cpe:/o:debian:debian_linux:3.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 7/3/2004

Vulnerability Publication Date: 6/30/2004

Reference Information

CVE: CVE-2004-0456

BID: 10633

DSA: 527