Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201001-06
HistoryJan 13, 2010 - 12:00 a.m.

aria2: Multiple vulnerabilities

2010-01-1300:00:00
Gentoo Foundation
security.gentoo.org
15

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.069 Low

EPSS

Percentile

93.9%

JSON

Background

aria2 is a download utility with resuming and segmented downloading with HTTP/HTTPS/FTP/BitTorrent support.

Description

Tatsuhiro Tsujikawa reported a buffer overflow in DHTRoutingTableDeserializer.cc (CVE-2009-3575) and a format string vulnerability in the AbstractCommand::onAbort() function in src/AbstractCommand.cc (CVE-2009-3617).

Impact

A remote, unauthenticated attacker could possibly execute arbitrary code with the privileges of the user running the application or cause a Denial of Service (application crash).

Workaround

Do not use DHT (CVE-2009-3575) and disable logging (CVE-2009-3617).

Resolution

All aria2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/aria2-1.6.3"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/aria2<Β 1.6.3UNKNOWN

Related

nessus 5
openvas 8
ubuntucve 2
debiancve 2
prion 2
cve 2
seebug 1
cvelist 2
nvd 2
securityvulns 1
debian 1
fedora 1
osv 1
nessus
nessus
GLSA-201001-06 : aria2: Multiple vulnerabilities
2010-02-25 00:00:00
Fedora 10 : aria2-1.3.1-2.fc10 (2009-10344)
2009-10-09 00:00:00
openSUSE Security Update : aria2 (aria2-1400)
2009-10-19 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201001-06 (aria2)
2010-01-20 00:00:00
Gentoo Security Advisory GLSA 201001-06 (aria2)
2010-01-20 00:00:00
Fedora Core 10 FEDORA-2009-10344 (aria2)
2009-10-13 00:00:00
ubuntucve
ubuntucve
CVE-2009-3617
2009-10-20 00:00:00
CVE-2009-3575
2009-10-07 00:00:00
debiancve
debiancve
CVE-2009-3617
2009-10-20 17:30:01
CVE-2009-3575
2009-10-07 17:30:00
prion
prion
Format string
2009-10-20 17:30:00
Buffer overflow
2009-10-07 17:30:00
cve
cve
CVE-2009-3617
2009-10-20 17:30:01
CVE-2009-3575
2009-10-07 17:30:00
seebug
seebug
aria2 AbstractCommand::onAbort()ε‡½ζ•°ζ ΌεΌδΈ²ζΌζ΄ž
2009-10-22 00:00:00
cvelist
cvelist
CVE-2009-3617
2009-10-20 17:00:00
CVE-2009-3575
2009-10-07 17:00:00
nvd
nvd
CVE-2009-3617
2009-10-20 17:30:01
CVE-2009-3575
2009-10-07 17:30:00
securityvulns
securityvulns
aria2 download manager buffer overflow
2009-09-10 00:00:00
debian
debian
[SECURITY] [DSA 1957-1] New aria2 packages fix arbitrary code execution
2009-12-28 09:58:08
fedora
fedora
[SECURITY] Fedora 10 Update: aria2-1.3.1-2.fc10
2009-10-09 03:38:55
osv
osv
aria2 - arbitrary code execution
2009-12-28 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.069 Low

EPSS

Percentile

93.9%

JSON
Related for GLSA-201001-06
nessus5openvas8ubuntucve2debiancve2prion2cve2seebug1cvelist2nvd2securityvulns1debian1fedora1osv1