junkbuster -- heap corruption vulnerability and configuration modification vulnerability
2005-04-13T00:00:00
ID 97EDF5AB-B319-11D9-837D-000E0C2E438A Type freebsd Reporter FreeBSD Modified 2005-04-13T00:00:00
Description
A Debian advisory reports:
James Ranson discovered that an attacker can modify the
referrer setting with a carefully crafted URL by accidently
overwriting a global variable.
Tavis Ormandy from the Gentoo Security Team discovered
several heap corruptions due to inconsistent use of an
internal function that can crash the daemon or possibly
lead to the execution of arbitrary code.
{"id": "97EDF5AB-B319-11D9-837D-000E0C2E438A", "bulletinFamily": "unix", "title": "junkbuster -- heap corruption vulnerability and configuration modification vulnerability", "description": "\nA Debian advisory reports:\n\nJames Ranson discovered that an attacker can modify the\n\t referrer setting with a carefully crafted URL by accidently\n\t overwriting a global variable.\nTavis Ormandy from the Gentoo Security Team discovered\n\t several heap corruptions due to inconsistent use of an\n\t internal function that can crash the daemon or possibly\n\t lead to the execution of arbitrary code.\n\n", "published": "2005-04-13T00:00:00", "modified": "2005-04-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://vuxml.freebsd.org/freebsd/97edf5ab-b319-11d9-837d-000e0c2e438a.html", "reporter": "FreeBSD", "references": ["http://www.debian.org/security/2005/dsa-713", "http://www.gentoo.org/security/en/glsa/glsa-200504-11.xml"], "cvelist": ["CVE-2005-1108", "CVE-2005-1109"], "type": "freebsd", "lastseen": "2019-05-29T18:34:59", "history": [{"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "junkbuster", "packageVersion": "2.0.2_3"}], "bulletinFamily": "unix", "cvelist": ["CVE-2005-1108", "CVE-2005-1109"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "\nA Debian advisory reports:\n\nJames Ranson discovered that an attacker can modify the\n\t referrer setting with a carefully crafted URL by accidently\n\t overwriting a global variable.\nTavis Ormandy from the Gentoo Security Team discovered\n\t several heap corruptions due to inconsistent use of an\n\t internal function that can crash the daemon or possibly\n\t lead to the execution of arbitrary code.\n\n", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "bb9b74fbada5ece1225939ed9e925bf77a9416012dc22cd4d7f28c301c9d1d98", "hashmap": [{"hash": "3837e8ba68994d90468a3fdc72063bfb", "key": "href"}, {"hash": "12ae268df5c9a44db271738231ea9a55", "key": "references"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "b144bb629f5643e22c2919d2065c426c", "key": "affectedPackage"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "4e56f4ce132deaaf4657288e01e0bb47", "key": "cvelist"}, {"hash": "2b59f26550fa05812e711980bc87727a", "key": "published"}, {"hash": "2b59f26550fa05812e711980bc87727a", "key": "modified"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "f53ba08aa074efd9c00c3a9e8d74059d", "key": "title"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "84c0113efb88290865c816f7ebd58bd0", "key": "description"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/97edf5ab-b319-11d9-837d-000e0c2e438a.html", "id": "97EDF5AB-B319-11D9-837D-000E0C2E438A", "lastseen": "2016-09-26T17:25:15", "modified": "2005-04-13T00:00:00", "objectVersion": "1.2", "published": "2005-04-13T00:00:00", "references": ["http://www.debian.org/security/2005/dsa-713", "http://www.gentoo.org/security/en/glsa/glsa-200504-11.xml"], "reporter": "FreeBSD", "title": "junkbuster -- heap corruption vulnerability and configuration modification vulnerability", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-09-26T17:25:15"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "junkbuster", "packageVersion": "2.0.2_3"}], "bulletinFamily": "unix", "cvelist": ["CVE-2005-1108", "CVE-2005-1109"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "\nA Debian advisory reports:\n\nJames Ranson discovered that an attacker can modify the\n\t referrer setting with a carefully crafted URL by accidently\n\t overwriting a global variable.\nTavis Ormandy from the Gentoo Security Team discovered\n\t several heap corruptions due to inconsistent use of an\n\t internal function that can crash the daemon or possibly\n\t lead to the execution of arbitrary code.\n\n", "edition": 3, "enchantments": {"dependencies": {"modified": "2018-08-31T01:15:59", "references": [{"idList": ["DEBIAN:DSA-713-1:E0FE7"], "type": "debian"}, {"idList": ["OPENVAS:53541", "OPENVAS:54913", "OPENVAS:52128"], "type": "openvas"}, {"idList": ["GLSA-200504-11"], "type": "gentoo"}, {"idList": ["FREEBSD_PKG_97EDF5ABB31911D9837D000E0C2E438A.NASL", "GENTOO_GLSA-200504-11.NASL", "DEBIAN_DSA-713.NASL"], "type": "nessus"}, {"idList": ["OSVDB:15502", "OSVDB:15503"], "type": "osvdb"}, {"idList": ["CVE-2005-1108", "CVE-2005-1109"], "type": "cve"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "bb9b74fbada5ece1225939ed9e925bf77a9416012dc22cd4d7f28c301c9d1d98", "hashmap": [{"hash": "3837e8ba68994d90468a3fdc72063bfb", "key": "href"}, {"hash": "12ae268df5c9a44db271738231ea9a55", "key": "references"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "b144bb629f5643e22c2919d2065c426c", "key": "affectedPackage"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "4e56f4ce132deaaf4657288e01e0bb47", "key": "cvelist"}, {"hash": "2b59f26550fa05812e711980bc87727a", "key": "published"}, {"hash": "2b59f26550fa05812e711980bc87727a", "key": "modified"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "f53ba08aa074efd9c00c3a9e8d74059d", "key": "title"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "84c0113efb88290865c816f7ebd58bd0", "key": "description"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/97edf5ab-b319-11d9-837d-000e0c2e438a.html", "id": "97EDF5AB-B319-11D9-837D-000E0C2E438A", "lastseen": "2018-08-31T01:15:59", "modified": "2005-04-13T00:00:00", "objectVersion": "1.3", "published": "2005-04-13T00:00:00", "references": ["http://www.debian.org/security/2005/dsa-713", "http://www.gentoo.org/security/en/glsa/glsa-200504-11.xml"], "reporter": "FreeBSD", "title": "junkbuster -- heap corruption vulnerability and configuration modification vulnerability", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-31T01:15:59"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "junkbuster", "packageVersion": "2.0.2_3"}], "bulletinFamily": "unix", "cvelist": ["CVE-2005-1108", "CVE-2005-1109"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "\nA Debian advisory reports:\n\nJames Ranson discovered that an attacker can modify the\n\t referrer setting with a carefully crafted URL by accidently\n\t overwriting a global variable.\nTavis Ormandy from the Gentoo Security Team discovered\n\t several heap corruptions due to inconsistent use of an\n\t internal function that can crash the daemon or possibly\n\t lead to the execution of arbitrary code.\n\n", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "5d05a0edc614789c84faa7a39befd54d75641fa5cf456dc27f02a087713713b9", "hashmap": [{"hash": "3837e8ba68994d90468a3fdc72063bfb", "key": "href"}, {"hash": "12ae268df5c9a44db271738231ea9a55", "key": "references"}, {"hash": "b144bb629f5643e22c2919d2065c426c", "key": "affectedPackage"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "4e56f4ce132deaaf4657288e01e0bb47", "key": "cvelist"}, {"hash": "2b59f26550fa05812e711980bc87727a", "key": "published"}, {"hash": "2b59f26550fa05812e711980bc87727a", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "f53ba08aa074efd9c00c3a9e8d74059d", "key": "title"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "84c0113efb88290865c816f7ebd58bd0", "key": "description"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/97edf5ab-b319-11d9-837d-000e0c2e438a.html", "id": "97EDF5AB-B319-11D9-837D-000E0C2E438A", "lastseen": "2018-08-30T19:16:20", "modified": "2005-04-13T00:00:00", "objectVersion": "1.3", "published": "2005-04-13T00:00:00", "references": ["http://www.debian.org/security/2005/dsa-713", "http://www.gentoo.org/security/en/glsa/glsa-200504-11.xml"], "reporter": "FreeBSD", "title": "junkbuster -- heap corruption vulnerability and configuration modification vulnerability", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:16:20"}], "edition": 4, "hashmap": [{"key": "affectedPackage", "hash": "b144bb629f5643e22c2919d2065c426c"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "4e56f4ce132deaaf4657288e01e0bb47"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "description", "hash": "84c0113efb88290865c816f7ebd58bd0"}, {"key": "href", "hash": "3837e8ba68994d90468a3fdc72063bfb"}, {"key": "modified", "hash": "2b59f26550fa05812e711980bc87727a"}, {"key": "published", "hash": "2b59f26550fa05812e711980bc87727a"}, {"key": "references", "hash": "12ae268df5c9a44db271738231ea9a55"}, {"key": "reporter", "hash": "a3dc630729e463135f4e608954fa6e19"}, {"key": "title", "hash": "f53ba08aa074efd9c00c3a9e8d74059d"}, {"key": "type", "hash": "1527e888767cdce15d200b870b39cfd0"}], "hash": "bb86c63749aef4d7201b8bdb98b0f76f7d0195a234f09fc00cf15ec9dcaaf359", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-1109", "CVE-2005-1108"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_97EDF5ABB31911D9837D000E0C2E438A.NASL", "DEBIAN_DSA-713.NASL", "GENTOO_GLSA-200504-11.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:53541", "OPENVAS:52128", "OPENVAS:54913"]}, {"type": "debian", "idList": ["DEBIAN:DSA-713-1:E0FE7"]}, {"type": "gentoo", "idList": ["GLSA-200504-11"]}, {"type": "osvdb", "idList": ["OSVDB:15503", "OSVDB:15502"]}], "modified": "2019-05-29T18:34:59"}, "score": {"value": 6.9, "vector": "NONE", "modified": "2019-05-29T18:34:59"}, "vulnersScore": 6.9}, "objectVersion": "1.3", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "junkbuster", "packageVersion": "2.0.2_3"}], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption.", "modified": "2017-07-11T01:32:00", "id": "CVE-2005-1109", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1109", "published": "2005-05-02T04:00:00", "title": "CVE-2005-1109", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request.", "modified": "2017-07-11T01:32:00", "id": "CVE-2005-1108", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1108", "published": "2005-05-02T04:00:00", "title": "CVE-2005-1108", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:37", "bulletinFamily": "unix", "description": "### Background\n\nJunkBuster is a filtering HTTP proxy, designed to enhance privacy and remove unwanted content. \n\n### Description\n\nJames Ranson reported a vulnerability when JunkBuster is configured to run in single-threaded mode, an attacker can modify the referrer setting by getting a victim to request a specially crafted URL (CAN-2005-1108). Tavis Ormandy of the Gentoo Linux Security Audit Team identified a heap corruption issue in the filtering of URLs (CAN-2005-1109). \n\n### Impact\n\nIf JunkBuster has been configured to run in single-threaded mode, an attacker can disable or modify the filtering of Referrer: HTTP headers, potentially compromising the privacy of users. The heap corruption vulnerability could crash or disrupt the operation of the proxy, potentially executing arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll JunkBuster users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-proxy/junkbuster-2.0.2-r3\"", "modified": "2005-04-21T00:00:00", "published": "2005-04-13T00:00:00", "id": "GLSA-200504-11", "href": "https://security.gentoo.org/glsa/200504-11", "type": "gentoo", "title": "JunkBuster: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:43", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200504-11.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54913", "id": "OPENVAS:54913", "title": "Gentoo Security Advisory GLSA 200504-11 (junkbuster)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"JunkBuster is vulnerable to a heap corruption vulnerability, and under\ncertain configurations may allow an attacker to modify settings.\";\ntag_solution = \"All JunkBuster users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-proxy/junkbuster-2.0.2-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200504-11\nhttp://bugs.gentoo.org/show_bug.cgi?id=88537\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200504-11.\";\n\n \n\nif(description)\n{\n script_id(54913);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-1108\", \"CVE-2005-1109\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200504-11 (junkbuster)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-proxy/junkbuster\", unaffected: make_list(\"ge 2.0.2-r3\"), vulnerable: make_list(\"lt 2.0.2-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-21T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52128", "id": "OPENVAS:52128", "title": "FreeBSD Ports: junkbuster", "type": "openvas", "sourceData": "#\n#VID 97edf5ab-b319-11d9-837d-000e0c2e438a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n junkbuster\n junkbuster-zlib\n\nCVE-2005-1108\nThe ij_untrusted_url function in JunkBuster 2.0.2-r2, with\nsingle-threaded mode enabled, allows remote attackers to overwrite the\nreferrer field via a crafted HTTP request.\n\nCVE-2005-1109\nThe filtering of URLs in JunkBuster before 2.0.2-r3 allows remote\nattackers to cause a denial of service (application crash) and\npossibly execute arbitrary code via heap corruption.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.debian.org/security/2005/dsa-713\nhttp://www.gentoo.org/security/en/glsa/glsa-200504-11.xml\nhttp://www.vuxml.org/freebsd/97edf5ab-b319-11d9-837d-000e0c2e438a.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52128);\n script_version(\"$Revision: 4125 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-21 07:39:51 +0200 (Wed, 21 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-1108\", \"CVE-2005-1109\");\n script_bugtraq_id(13146,13147);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: junkbuster\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"junkbuster\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.0.2_3\")<0) {\n txt += 'Package junkbuster version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"junkbuster-zlib\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package junkbuster-zlib version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:21", "bulletinFamily": "scanner", "description": "The remote host is missing an update to junkbuster\nannounced via advisory DSA 713-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53541", "id": "OPENVAS:53541", "title": "Debian Security Advisory DSA 713-1 (junkbuster)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_713_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 713-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several bugs have been found in junkbuster, a HTTP proxy and filter.\nThe Common Vulnerability and Exposures project identifies the\nfollowing vulnerabilities:\n\nCVE-2005-1108\n\nJames Ranson discovered that an attacker can modify the referrer\nsetting with a carefully crafted URL by accidentally overwriting a\nglobal variable.\n\nCVE-2005-1109\n\nTavis Ormandy from the Gentoo Security Team discovered several\nheap corruptions due to inconsistent use of an internal function\nthat can crash the daemon or possibly lead to the execution of\narbitrary code.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.0.2-0.2woody1.\n\nThe unstable distribution (sid) doesn't contain the junkbuster package\nanymore.\n\nWe recommend that you upgrade your junkbuster package.\";\ntag_summary = \"The remote host is missing an update to junkbuster\nannounced via advisory DSA 713-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20713-1\";\n\nif(description)\n{\n script_id(53541);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:00:53 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-1108\", \"CVE-2005-1109\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 713-1 (junkbuster)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"junkbuster\", ver:\"2.0.2-0.2woody1\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:21:24", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 713-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 21st, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : junkbuster\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2005-1108 CAN-2005-1109\n\nSeveral bugs have been found in junkbuster, a HTTP proxy and filter.\nThe Common Vulnerability and Exposures project identifies the\nfollowing vulnerabilities:\n\nCAN-2005-1108\n\n James Ranson discovered that an attacker can modify the referrer\n setting with a carefully crafted URL by accidently overwriting a\n global variable.\n\nCAN-2005-1109\n\n Tavis Ormandy from the Gentoo Security Team discovered several\n heap corruptions due to inconsistent use of an internal function\n that can crash the daemon or possibly lead to the execution of\n arbitrary code.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.0.2-0.2woody1.\n\nThe unstable distribution (sid) doesn't contain the junkbuster package\nanymore.\n\nWe recommend that you upgrade your junkbuster package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1.dsc\n Size/MD5 checksum: 580 1cdd2e8d2e09436cb8e2bc33b5154507\n http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1.diff.gz\n Size/MD5 checksum: 35888 40990dc45ceffb0753f3f67a1a777a9f\n http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2.orig.tar.gz\n Size/MD5 checksum: 190501 87d96ac9fca6e9749f1b330fbc2e0e5c\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_alpha.deb\n Size/MD5 checksum: 108972 9d4516bf66d0e8825cfa7f6835fa21b1\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_arm.deb\n Size/MD5 checksum: 104828 54d4c289fd14ff250a9146f7d816354b\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_i386.deb\n Size/MD5 checksum: 103932 6629b6cc4364ff52575e30164c61f79c\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_ia64.deb\n Size/MD5 checksum: 118322 087d9fac21f9cfbf663816a3b45a0588\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_hppa.deb\n Size/MD5 checksum: 108420 b794d097c59728246128ac3da1c4f4bd\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_m68k.deb\n Size/MD5 checksum: 101920 0e03c20861d536936500311a79678119\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_mips.deb\n Size/MD5 checksum: 106996 e66b3dcce5d4797e9111b955b8ddbbb4\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_mipsel.deb\n Size/MD5 checksum: 107078 d0a5c23e80800dc33b4fefd80a866416\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_powerpc.deb\n Size/MD5 checksum: 104740 98fbadd57996160f04581e88c8181cb1\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_s390.deb\n Size/MD5 checksum: 103856 c879b8597bdb25363fb934a2b31101cc\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_sparc.deb\n Size/MD5 checksum: 108180 39cf7dfaa41dc45c67e345e331116d85\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "modified": "2005-04-21T00:00:00", "published": "2005-04-21T00:00:00", "id": "DEBIAN:DSA-713-1:E0FE7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00094.html", "title": "[SECURITY] [DSA 713-1] New junkbuster packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-11-01T02:25:49", "bulletinFamily": "scanner", "description": "Several bugs have been found in junkbuster, a HTTP proxy and filter.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing vulnerabilities :\n\n - CAN-2005-1108\n James Ranson discovered that an attacker can modify the\n referrer setting with a carefully crafted URL by\n accidentally overwriting a global variable.\n\n - CAN-2005-1109\n\n Tavis Ormandy from the Gentoo Security Team discovered\n several heap corruptions due to inconsistent use of an\n internal function that can crash the daemon or possibly\n lead to the execution of arbitrary code.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-713.NASL", "href": "https://www.tenable.com/plugins/nessus/18115", "published": "2005-04-22T00:00:00", "title": "Debian DSA-713-1 : junkbuster - several vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-713. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18115);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/08/02 13:32:18\");\n\n script_cve_id(\"CVE-2005-1108\", \"CVE-2005-1109\");\n script_xref(name:\"DSA\", value:\"713\");\n\n script_name(english:\"Debian DSA-713-1 : junkbuster - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several bugs have been found in junkbuster, a HTTP proxy and filter.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing vulnerabilities :\n\n - CAN-2005-1108\n James Ranson discovered that an attacker can modify the\n referrer setting with a carefully crafted URL by\n accidentally overwriting a global variable.\n\n - CAN-2005-1109\n\n Tavis Ormandy from the Gentoo Security Team discovered\n several heap corruptions due to inconsistent use of an\n internal function that can crash the daemon or possibly\n lead to the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-713\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the junkbuster package.\n\nFor the stable distribution (woody) these problems have been fixed in\nversion 2.0.2-0.2woody1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:junkbuster\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/22\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"junkbuster\", reference:\"2.0.2-0.2woody1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:40:13", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200504-11\n(JunkBuster: Multiple vulnerabilities)\n\n James Ranson reported a vulnerability when JunkBuster is configured to\n run in single-threaded mode, an attacker can modify the referrer\n setting by getting a victim to request a specially crafted URL\n (CAN-2005-1108). Tavis Ormandy of the Gentoo Linux Security Audit Team\n identified a heap corruption issue in the filtering of URLs\n (CAN-2005-1109).\n \nImpact :\n\n If JunkBuster has been configured to run in single-threaded mode, an\n attacker can disable or modify the filtering of Referrer: HTTP headers,\n potentially compromising the privacy of users. The heap corruption\n vulnerability could crash or disrupt the operation of the proxy,\n potentially executing arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-200504-11.NASL", "href": "https://www.tenable.com/plugins/nessus/18044", "published": "2005-04-14T00:00:00", "title": "GLSA-200504-11 : JunkBuster: Multiple vulnerabilities", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200504-11.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18044);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:42\");\n\n script_cve_id(\"CVE-2005-1108\", \"CVE-2005-1109\");\n script_xref(name:\"GLSA\", value:\"200504-11\");\n\n script_name(english:\"GLSA-200504-11 : JunkBuster: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200504-11\n(JunkBuster: Multiple vulnerabilities)\n\n James Ranson reported a vulnerability when JunkBuster is configured to\n run in single-threaded mode, an attacker can modify the referrer\n setting by getting a victim to request a specially crafted URL\n (CAN-2005-1108). Tavis Ormandy of the Gentoo Linux Security Audit Team\n identified a heap corruption issue in the filtering of URLs\n (CAN-2005-1109).\n \nImpact :\n\n If JunkBuster has been configured to run in single-threaded mode, an\n attacker can disable or modify the filtering of Referrer: HTTP headers,\n potentially compromising the privacy of users. The heap corruption\n vulnerability could crash or disrupt the operation of the proxy,\n potentially executing arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200504-11\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All JunkBuster users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-proxy/junkbuster-2.0.2-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:junkbuster\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-proxy/junkbuster\", unaffected:make_list(\"ge 2.0.2-r3\"), vulnerable:make_list(\"lt 2.0.2-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"JunkBuster\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:39:07", "bulletinFamily": "scanner", "description": "A Debian advisory reports :\n\nJames Ranson discovered that an attacker can modify the referrer\nsetting with a carefully crafted URL by accidentally overwriting a\nglobal variable.\n\nTavis Ormandy from the Gentoo Security Team discovered several heap\ncorruptions due to inconsistent use of an internal function that can\ncrash the daemon or possibly lead to the execution of arbitrary code.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_97EDF5ABB31911D9837D000E0C2E438A.NASL", "href": "https://www.tenable.com/plugins/nessus/19042", "published": "2005-07-13T00:00:00", "title": "FreeBSD : junkbuster -- heap corruption vulnerability and configuration modification vulnerability (97edf5ab-b319-11d9-837d-000e0c2e438a)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19042);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2019/08/02 13:32:37\");\n\n script_cve_id(\"CVE-2005-1108\", \"CVE-2005-1109\");\n script_bugtraq_id(13146, 13147);\n script_xref(name:\"DSA\", value:\"713\");\n\n script_name(english:\"FreeBSD : junkbuster -- heap corruption vulnerability and configuration modification vulnerability (97edf5ab-b319-11d9-837d-000e0c2e438a)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A Debian advisory reports :\n\nJames Ranson discovered that an attacker can modify the referrer\nsetting with a carefully crafted URL by accidentally overwriting a\nglobal variable.\n\nTavis Ormandy from the Gentoo Security Team discovered several heap\ncorruptions due to inconsistent use of an internal function that can\ncrash the daemon or possibly lead to the execution of arbitrary code.\"\n );\n # http://www.gentoo.org/security/en/glsa/glsa-200504-11.xml\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200504-11\"\n );\n # https://vuxml.freebsd.org/freebsd/97edf5ab-b319-11d9-837d-000e0c2e438a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fb39f3b1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:junkbuster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:junkbuster-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"junkbuster<2.0.2_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"junkbuster-zlib>0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:11", "bulletinFamily": "software", "description": "## Vulnerability Description\nJunkBuster contains a flaw that may allow a malicious user to modify the configuration setting. The issue is due to a heap corruption error in the filtering of URLs. When JunkBuster is configured to run in single-threaded mode, an attacker can modify the referrer setting with a specially crafted URL, resulting in a loss of confidentiality and integrity.\n## Solution Description\nUpgrade to version 2.0.2-r3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nJunkBuster contains a flaw that may allow a malicious user to modify the configuration setting. The issue is due to a heap corruption error in the filtering of URLs. When JunkBuster is configured to run in single-threaded mode, an attacker can modify the referrer setting with a specially crafted URL, resulting in a loss of confidentiality and integrity.\n## References:\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=88537\n[Vendor Specific Advisory URL](http://security.gentoo.org/glsa/glsa-200504-11.xml)\n[Secunia Advisory ID:15053](https://secuniaresearch.flexerasoftware.com/advisories/15053/)\n[Secunia Advisory ID:14932](https://secuniaresearch.flexerasoftware.com/advisories/14932/)\n[Secunia Advisory ID:14955](https://secuniaresearch.flexerasoftware.com/advisories/14955/)\n[Related OSVDB ID: 15502](https://vulners.com/osvdb/OSVDB:15502)\nOther Advisory URL: http://www.debian.org/security/2005/dsa-713\nISS X-Force ID: 20094\n[CVE-2005-1109](https://vulners.com/cve/CVE-2005-1109)\nBugtraq ID: 13146\n", "modified": "2005-04-13T05:30:43", "published": "2005-04-13T05:30:43", "href": "https://vulners.com/osvdb/OSVDB:15503", "id": "OSVDB:15503", "title": "Internet Junkbuster URL Filtering Heap Corruption", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:11", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=88537\n[Vendor Specific Advisory URL](http://security.gentoo.org/glsa/glsa-200504-11.xml)\n[Secunia Advisory ID:15053](https://secuniaresearch.flexerasoftware.com/advisories/15053/)\n[Secunia Advisory ID:14932](https://secuniaresearch.flexerasoftware.com/advisories/14932/)\n[Secunia Advisory ID:14955](https://secuniaresearch.flexerasoftware.com/advisories/14955/)\n[Related OSVDB ID: 15503](https://vulners.com/osvdb/OSVDB:15503)\nOther Advisory URL: http://www.debian.org/security/2005/dsa-713\nISS X-Force ID: 20093\n[CVE-2005-1108](https://vulners.com/cve/CVE-2005-1108)\nBugtraq ID: 13147\n", "modified": "2005-04-13T05:30:43", "published": "2005-04-13T05:30:43", "href": "https://vulners.com/osvdb/OSVDB:15502", "id": "OSVDB:15502", "title": "Internet Junkbuster Referrer Modification", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
