GLSA-200411-31 : ProZilla: Multiple vulnerabilities

critical Nessus Plugin ID 15818

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200411-31 (ProZilla: Multiple vulnerabilities)

ProZilla contains several exploitable buffer overflows in the code handling the network protocols.

Impact :

A remote attacker could set up a malicious server and entice a user to retrieve files from that server using ProZilla. This could lead to the execution of arbitrary code with the rights of the user running ProZilla.

Workaround :

There is no known workaround at this time.

Solution

Currently, there is no released version of ProZilla that contains a fix for these issues. The original author did not respond to our queries, the code contains several other problems, and more secure alternatives exist. Therefore, the ProZilla package has been hard-masked prior to complete removal from Portage, and current users are advised to unmerge the package.

See Also

https://security.gentoo.org/glsa/200411-31

Plugin Details

Severity: Critical

ID: 15818

File Name: gentoo_GLSA-200411-31.nasl

Version: 1.17

Type: local

Published: 11/23/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:prozilla, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 11/23/2004

Vulnerability Publication Date: 11/23/2004

Reference Information

CVE: CVE-2004-1120

GLSA: 200411-31