CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score: 6.2 Medium (Confidence: High)
EPSS: 0.014 Low (Percentile: 86.7%)

Debian Security Advisory DSA-2571-1 [email protected]
http://www.debian.org/security/ Raphael Geissert
November 04, 2012 http://www.debian.org/security/faq

Package : libproxy
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-4505

The Red Hat Security Response Team discovered that libproxy, a library
for automatic proxy configuration management, applied insufficient
validation to the Content-Length header sent by a server providing a
proxy.pac file. Such a remote server could trigger an integer overflow
and consequently overflow an in-memory buffer.

For the stable distribution (squeeze), this problem has been fixed in
version 0.3.1-2+squeeze1.

For the testing distribution (wheezy), and the unstable distribution
(sid), this problem has been fixed in version 0.3.1-5.1.

We recommend that you upgrade your libproxy packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]
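
The validation the advisory says was missing, sketched as an added example (this is not libproxy's code and not part of the advisory): a C parser that rejects signed, overflowing, or oversized Content-Length values before any buffer is sized from them. The function names and the 512 KiB `PAC_MAX_BYTES` cap are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <strings.h>

/* Assumed cap for a PAC file; choose a limit that fits the deployment. */
#define PAC_MAX_BYTES (512u * 1024u)

/* Returns 0 and stores the length, or -1 if the header is malformed or out of range. */
int parse_content_length(const char *line, size_t *out)
{
    static const char name[] = "Content-Length:";
    const char *p;
    char *end;
    unsigned long long v;

    if (strncasecmp(line, name, sizeof(name) - 1) != 0)
        return -1;
    p = line + sizeof(name) - 1;
    while (*p == ' ' || *p == '\t')
        p++;
    /* strtoull accepts a sign and wraps "-1" to ULLONG_MAX, so require a digit first. */
    if (*p < '0' || *p > '9')
        return -1;
    errno = 0;
    v = strtoull(p, &end, 10);
    if (errno == ERANGE)            /* more digits than fit in the type */
        return -1;
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
        end++;
    if (*end != '\0')               /* trailing junk such as "12abc" */
        return -1;
    if (v > PAC_MAX_BYTES)          /* bound the value before it sizes anything */
        return -1;
    *out = (size_t)v;
    return 0;
}

/* Body buffer plus NUL terminator; len + 1 cannot wrap because len <= PAC_MAX_BYTES. */
char *alloc_pac_buffer(const char *header_line, size_t *len)
{
    if (parse_content_length(header_line, len) != 0)
        return NULL;
    return calloc(*len + 1, 1);
}
```

The receive loop that fills the buffer should also stop at the stored length rather than at whatever the server keeps sending.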

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 6 | mipsel | libproxy0 | < 0.3.1-2+squeeze1 | libproxy0_0.3.1-2+squeeze1_mipsel.deb |
Debian | 6 | mipsel | libproxy-dev | < 0.3.1-2+squeeze1 | libproxy-dev_0.3.1-2+squeeze1_mipsel.deb |
Debian | 6 | i386 | libproxy-tools | < 0.3.1-2+squeeze1 | libproxy-tools_0.3.1-2+squeeze1_i386.deb |
Debian | 6 | all | python-libproxy | < 0.3.1-2+squeeze1 | python-libproxy_0.3.1-2+squeeze1_all.deb |
Debian | 6 | powerpc | libproxy0 | < 0.3.1-2+squeeze1 | libproxy0_0.3.1-2+squeeze1_powerpc.deb |
Debian | 6 | sparc | libproxy-tools | < 0.3.1-2+squeeze1 | libproxy-tools_0.3.1-2+squeeze1_sparc.deb |
Debian | 6 | kfreebsd-i386 | libproxy0 | < 0.3.1-2+squeeze1 | libproxy0_0.3.1-2+squeeze1_kfreebsd-i386.deb |
Debian | 6 | amd64 | libproxy-tools | < 0.3.1-2+squeeze1 | libproxy-tools_0.3.1-2+squeeze1_amd64.deb |
Debian | 6 | all | libproxy | < 0.3.1-2+squeeze1 | libproxy_0.3.1-2+squeeze1_all.deb |
Debian | 6 | amd64 | libproxy-dev | < 0.3.1-2+squeeze1 | libproxy-dev_0.3.1-2+squeeze1_amd64.deb |