Lucene search

Gentoo FoundationGLSA-200407-19

HistoryJul 26, 2004 - 12:00 a.m.

Pavuk: Digest authentication helper buffer overflow

2004-07-2600:00:00

Gentoo Foundation

security.gentoo.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.046 Low

EPSS

Percentile

92.5%

JSON

Background

Pavuk is web spider and website mirroring tool.

Description

Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication.

Impact

An attacker could cause a buffer overflow, leading to arbitrary code execution with the rights of the user running Pavuk.

Workaround

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Pavuk.

Resolution

All Pavuk users should upgrade to the latest version:

 # emerge sync
 
 # emerge -pv "&gt;=net-misc/pavuk-0.9.28-r3"
 # emerge "&gt;=net-misc/pavuk-0.9.28-r3"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/pavuk<= 0.9.28-r2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	net-misc/pavuk	<= 0.9.28-r2	UNKNOWN

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.046 Low

EPSS

Percentile

92.5%

JSON

Related for GLSA-200407-19