Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDBD579366-5290-11D9-AC20-00065BE4B5B6
HistoryDec 15, 2004 - 12:00 a.m.

greed -- insecure GRX file processing

2004-12-1500:00:00
vuxml.freebsd.org
5

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.037 Low

EPSS

Percentile

91.7%

JSON

A buffer overflow vulnerability has been detected in the greed
URL handling code. This bug can especially be a problem when greed is
used to process GRX (GetRight) files that originate from untrusted
sources.
The bug finder, Manigandan Radhakrishnan, gave the following
description:

Here are the bugs. First, in main.c, DownloadLoop() uses strcat()
to copy an input filename to the end of a 128-byte COMMAND array.
Second, DownloadLoop() passes the input filename to system() without
checking for special characters such as semicolons.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgreed<= 0.81pUNKNOWN

Related

openvas 2
nessus 1
cve 2
openvas
openvas
FreeBSD Ports: greed
2008-09-04 00:00:00
FreeBSD Ports: greed
2008-09-04 00:00:00
nessus
nessus
FreeBSD : greed -- insecure GRX file processing (bd579366-5290-11d9-ac20-00065be4b5b6)
2005-07-13 00:00:00
cve
cve
CVE-2004-1273
2005-01-10 05:00:00
CVE-2004-1274
2005-01-10 05:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.037 Low

EPSS

Percentile

91.7%

JSON
Related for BD579366-5290-11D9-AC20-00065BE4B5B6
openvas2nessus1cve2