Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201404-02
HistoryApr 07, 2014 - 12:00 a.m.

libproxy: User-assisted execution of arbitrary code

2014-04-0700:00:00
Gentoo Foundation
security.gentoo.org
12

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

84.9%

JSON

Background

libproxy is a library for automatic proxy configuration management.

Description

A boundary error when processing the proxy.pac file could cause a stack-based buffer overflow.

Impact

A man-in-the-middle attacker could provide a specially crafted proxy.pac file on a remote server, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All libproxy users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-libs/libproxy-0.4.10"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-libs/libproxy< 0.4.10UNKNOWN

Related

nessus 8
fedora 3
ubuntucve 2
cvelist 2
openvas 9
prion 2
cve 2
freebsd 1
debiancve 2
securityvulns 2
nvd 2
ubuntu 1
nessus
nessus
Mandriva Linux Security Advisory : libproxy (MDVSA-2012:172)
2012-11-20 00:00:00
Fedora 17 : libproxy-0.4.10-1.fc17 (2012-17574)
2012-11-19 00:00:00
GLSA-201404-02 : libproxy: User-assisted execution of arbitrary code
2014-04-08 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: libproxy-0.4.10-1.fc18
2012-11-11 02:55:49
[SECURITY] Fedora 17 Update: libproxy-0.4.10-1.fc17
2012-11-19 02:19:35
[SECURITY] Fedora 17 Update: libproxy-0.4.11-1.fc17
2013-03-10 01:01:36
ubuntucve
ubuntucve
CVE-2012-4504
2012-10-12 00:00:00
CVE-2012-4505
2012-10-12 00:00:00
cvelist
cvelist
CVE-2012-4504
2012-11-11 11:00:00
CVE-2012-4505
2012-11-11 11:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201404-02
2015-09-29 00:00:00
Mandriva Update for libproxy MDVSA-2012:172 (libproxy)
2012-11-23 00:00:00
Fedora Update for libproxy FEDORA-2012-17574
2012-11-19 00:00:00
prion
prion
Stack overflow
2012-11-11 13:00:00
Heap overflow
2012-11-11 13:00:00
cve
cve
CVE-2012-4504
2012-11-11 13:00:48
CVE-2012-4505
2012-11-11 13:00:49
freebsd
freebsd
libproxy -- stack-based buffer overflow
2012-10-10 00:00:00
debiancve
debiancve
CVE-2012-4504
2012-11-11 13:00:48
CVE-2012-4505
2012-11-11 13:00:49
securityvulns
securityvulns
[ MDVSA-2012:172 ] libproxy
2012-11-26 00:00:00
libproxy buffer overflow
2012-11-26 00:00:00
nvd
nvd
CVE-2012-4504
2012-11-11 13:00:48
CVE-2012-4505
2012-11-11 13:00:49
ubuntu
ubuntu
libproxy vulnerabilities
2012-11-12 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

84.9%

JSON
Related for GLSA-201404-02
nessus8fedora3ubuntucve2cvelist2openvas9prion2cve2freebsd1debiancve2securityvulns2nvd2ubuntu1