GLSA-200504-09 : Axel: Vulnerability in HTTP redirection handling
2005-04-13T00:00:00
ID GENTOO_GLSA-200504-09.NASL Type nessus Reporter Tenable Modified 2015-04-13T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-200504-09 (Axel: Vulnerability in HTTP redirection handling)
A possible buffer overflow has been reported in the HTTP redirection handling code in conn.c.
Impact :
A remote attacker could exploit this vulnerability by setting up a malicious site and enticing a user to connect to it. This could possibly lead to the execution of arbitrary code with the permissions of the user running Axel.
Workaround :
There is no known workaround at this time.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200504-09.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include("compat.inc");
# Metadata registration. This branch runs only when `description` is set;
# it registers the plugin's identifiers, advisory text and prerequisites,
# then exits before any host check is performed.
if (description)
{
  # Plugin identity and revision stamps.
  script_id(18031);
  script_version("$Revision: 1.14 $");
  script_cvs_date("$Date: 2015/04/13 13:41:58 $");

  # Cross-references used to correlate this finding with other feeds.
  script_cve_id("CVE-2005-0390");
  script_osvdb_id(15310);
  script_xref(name:"GLSA", value:"200504-09");

  script_name(english:"GLSA-200504-09 : Axel: Vulnerability in HTTP redirection handling");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  # Advisory text. The string literals span several source lines and are
  # kept exactly as written; do not re-indent their continuation lines.
  script_set_attribute(attribute:"synopsis", value:
"The remote Gentoo host is missing one or more security-related
patches.");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-200504-09
(Axel: Vulnerability in HTTP redirection handling)
A possible buffer overflow has been reported in the HTTP
redirection handling code in conn.c.
Impact :
A remote attacker could exploit this vulnerability by setting up a
malicious site and enticing a user to connect to it. This could
possibly lead to the execution of arbitrary code with the permissions
of the user running Axel.
Workaround :
There is no known workaround at this time.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/200504-09");
  # Remediation: the fixed package is net-misc/axel 1.0b or later.
  script_set_attribute(attribute:"solution", value:
"All Axel users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/axel-1.0b'");

  # NOTE(review): the base vector rates this as network-reachable with low
  # access complexity and no authentication, while the description above
  # says a user has to be enticed to connect to a malicious site. The vector
  # does not express that precondition; weigh it when triaging the finding.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  # "local" plugin type: judging by the summary and the required KB keys,
  # the verdict comes from the host's package inventory, not from probing
  # the Axel binary itself.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:axel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  # Timeline: vulnerability published 2005/04/06, patch 2005/04/12,
  # plugin 2005/04/13.
  script_set_attribute(attribute:"patch_publication_date", value:"2005/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/13");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/04/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  # Prerequisites: the plugin depends on ssh_get_info.nasl and on three KB
  # keys (presumably populated by that dependency - confirm). Without
  # credentialed access to the host these keys are absent and the check
  # cannot report on the package.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys(
    "Host/local_checks_enabled",
    "Host/Gentoo/release",
    "Host/Gentoo/qpkg-list"
  );

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
# Preconditions: stop with a specific audit code when local checks are not
# enabled, the host was not identified as Gentoo, or no package list was
# collected. Each case is reported through audit(), not as a finding.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release"))
  audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Version comparison for net-misc/axel: anything below 1.0b is treated as
# vulnerable, 1.0b and later as unaffected.
# NOTE(review): the verdict appears to rest only on the recorded package
# list, so a copy of axel installed outside the package manager would
# presumably not be seen by this check - confirm against qpkg.inc.
affected = 0;
if (qpkg_check(
      package:"net-misc/axel",
      unaffected:make_list("ge 1.0b"),
      vulnerable:make_list("lt 1.0b")
    ))
  affected++;

if (!affected)
{
  # No vulnerable version matched: record whether the package was examined
  # and found unaffected, or was not installed at all.
  checked_pkgs = qpkg_tests_get();
  if (checked_pkgs)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "Axel");
}
else
{
  # Vulnerable version present: raise the finding on port 0 and attach the
  # package report only when report verbosity is above zero.
  if (report_verbosity > 0)
    security_hole(port:0, extra:qpkg_report_get());
  else
    security_hole(0);
  exit(0);
}
{"id": "GENTOO_GLSA-200504-09.NASL", "bulletinFamily": "scanner", "title": "GLSA-200504-09 : Axel: Vulnerability in HTTP redirection handling", "description": "The remote host is affected by the vulnerability described in GLSA-200504-09 (Axel: Vulnerability in HTTP redirection handling)\n\n A possible buffer overflow has been reported in the HTTP redirection handling code in conn.c.\n Impact :\n\n A remote attacker could exploit this vulnerability by setting up a malicious site and enticing a user to connect to it. This could possibly lead to the execution of arbitrary code with the permissions of the user running Axel.\n Workaround :\n\n There is no known workaround at this time.", "published": "2005-04-13T00:00:00", "modified": "2015-04-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18031", "reporter": "Tenable", "references": ["https://security.gentoo.org/glsa/200504-09"], "cvelist": ["CVE-2005-0390"], "type": "nessus", "lastseen": "2017-10-29T13:46:01", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2005-0390"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "The remote host is affected by the vulnerability described in GLSA-200504-09 (Axel: Vulnerability in HTTP redirection handling)\n\n A possible buffer overflow has been reported in the HTTP redirection handling code in conn.c.\n Impact :\n\n A remote attacker could exploit this vulnerability by setting up a malicious site and enticing a user to connect to it. 
This could possibly lead to the execution of arbitrary code with the permissions of the user running Axel.\n Workaround :\n\n There is no known workaround at this time.", "edition": 1, "enchantments": {}, "hash": "53a6330d5ba698b234ddb0f2c0d0259eef4c347982b38231590bdadfc38db8ca", "hashmap": [{"hash": "7690cd45113c561058aebe3684cb8ec7", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "2b59f26550fa05812e711980bc87727a", "key": "published"}, {"hash": "a188f3460170e7c988fb9a27034f0f06", "key": "pluginID"}, {"hash": "326af443ca0c41e91daa171ff124ce60", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "6005203de11e5063507a7394ffef0e8a", "key": "cvelist"}, {"hash": "4c964914f7f6ee19b22c630050048c99", "key": "description"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "36228393b3d02d94be7792514b0e448c", "key": "title"}, {"hash": "64de2d0c810fb5cb4853dcd08ddf097d", "key": "href"}, {"hash": "2290423a2a0ebb409a74e19f684d167a", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=18031", "id": "GENTOO_GLSA-200504-09.NASL", "lastseen": "2016-09-26T17:26:45", "modified": "2015-04-13T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.2", "pluginID": "18031", "published": "2005-04-13T00:00:00", "references": ["https://security.gentoo.org/glsa/200504-09"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200504-09.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share 
Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18031);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2015/04/13 13:41:58 $\");\n\n script_cve_id(\"CVE-2005-0390\");\n script_osvdb_id(15310);\n script_xref(name:\"GLSA\", value:\"200504-09\");\n\n script_name(english:\"GLSA-200504-09 : Axel: Vulnerability in HTTP redirection handling\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200504-09\n(Axel: Vulnerability in HTTP redirection handling)\n\n A possible buffer overflow has been reported in the HTTP\n redirection handling code in conn.c.\n \nImpact :\n\n A remote attacker could exploit this vulnerability by setting up a\n malicious site and enticing a user to connect to it. 
This could\n possibly lead to the execution of arbitrary code with the permissions\n of the user running Axel.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200504-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Axel users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/axel-1.0b'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/axel\", unaffected:make_list(\"ge 1.0b\"), vulnerable:make_list(\"lt 1.0b\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Axel\");\n}\n", "title": "GLSA-200504-09 : Axel: Vulnerability in HTTP redirection handling", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:45"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "bf7cd0b451f698f41a72f0abe50822d8"}, {"key": "cvelist", "hash": "6005203de11e5063507a7394ffef0e8a"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "4c964914f7f6ee19b22c630050048c99"}, {"key": "href", "hash": "64de2d0c810fb5cb4853dcd08ddf097d"}, {"key": "modified", "hash": "326af443ca0c41e91daa171ff124ce60"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "a188f3460170e7c988fb9a27034f0f06"}, {"key": "published", "hash": "2b59f26550fa05812e711980bc87727a"}, {"key": "references", "hash": "2290423a2a0ebb409a74e19f684d167a"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "7690cd45113c561058aebe3684cb8ec7"}, {"key": "title", "hash": "36228393b3d02d94be7792514b0e448c"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "cd539e7f1fd2872195229e64560af1207619882e140b7fefc2c31101da13e8d5", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200504-09.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18031);\n script_version(\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2015/04/13 13:41:58 $\");\n\n script_cve_id(\"CVE-2005-0390\");\n script_osvdb_id(15310);\n script_xref(name:\"GLSA\", value:\"200504-09\");\n\n script_name(english:\"GLSA-200504-09 : Axel: Vulnerability in HTTP redirection handling\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200504-09\n(Axel: Vulnerability in HTTP redirection handling)\n\n A possible buffer overflow has been reported in the HTTP\n redirection handling code in conn.c.\n \nImpact :\n\n A remote attacker could exploit this vulnerability by setting up a\n malicious site and enticing a user to connect to it. 
This could\n possibly lead to the execution of arbitrary code with the permissions\n of the user running Axel.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200504-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Axel users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/axel-1.0b'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:axel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/axel\", unaffected:make_list(\"ge 1.0b\"), vulnerable:make_list(\"lt 1.0b\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Axel\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "18031", "cpe": ["p-cpe:/a:gentoo:linux:axel", "cpe:/o:gentoo:linux"]}
{"result": {"cve": [{"id": "CVE-2005-0390", "type": "cve", "title": "CVE-2005-0390", "description": "Buffer overflow in the HTTP redirection capability in conn.c for Axel before 1.0b may allow remote attackers to execute arbitrary code.", "published": "2005-05-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0390", "cvelist": ["CVE-2005-0390"], "lastseen": "2016-09-03T05:07:26"}], "openvas": [{"id": "OPENVAS:52131", "type": "openvas", "title": "FreeBSD Ports: axel", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=52131", "cvelist": ["CVE-2005-0390"], "lastseen": "2017-07-02T21:10:24"}, {"id": "OPENVAS:53751", "type": "openvas", "title": "Debian Security Advisory DSA 706-1 (axel)", "description": "The remote host is missing an update to axel\nannounced via advisory DSA 706-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53751", "cvelist": ["CVE-2005-0390"], "lastseen": "2017-07-24T12:50:09"}, {"id": "OPENVAS:54911", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200504-09 (Axel)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200504-09.", "published": "2008-09-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=54911", "cvelist": ["CVE-2005-0390"], "lastseen": "2017-07-24T12:50:07"}], "debian": [{"id": "DSA-706", "type": "debian", "title": "axel -- buffer overflow", "description": "Ulf H\u00c3\u00a4rnhammar from the Debian 
Security Audit Project discovered a buffer overflow in axel, a light download accelerator. When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitrary code.\n\nFor the stable distribution (woody) this problem has been fixed in version 1.0a-1woody1.\n\nFor the unstable distribution (sid) this problem has been fixed in version 1.0b-1.\n\nWe recommend that you upgrade your axel package.", "published": "2005-04-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-706", "cvelist": ["CVE-2005-0390"], "lastseen": "2016-09-02T18:33:53"}], "nessus": [{"id": "FREEBSD_PKG_0163B498AF5411D9ACD0000854D03344.NASL", "type": "nessus", "title": "FreeBSD : axel -- remote buffer overflow (0163b498-af54-11d9-acd0-000854d03344)", "description": "A Debian Security Advisory reports :\n\nUlf Harnhammar from the Debian Security Audit Project discovered a buffer overflow in axel, a light download accelerator. When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-07-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18815", "cvelist": ["CVE-2005-0390"], "lastseen": "2017-10-29T13:46:11"}, {"id": "DEBIAN_DSA-706.NASL", "type": "nessus", "title": "Debian DSA-706-1 : axel - buffer overflow", "description": "Ulf Harnhammar from the Debian Security Audit Project discovered a buffer overflow in axel, a light download accelerator. 
When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitrary code.", "published": "2005-04-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18030", "cvelist": ["CVE-2005-0390", "CVE-2001-0887"], "lastseen": "2017-10-29T13:44:16"}], "gentoo": [{"id": "GLSA-200504-09", "type": "gentoo", "title": "Axel: Vulnerability in HTTP redirection handling", "description": "### Background\n\nAxel is a console-based FTP/HTTP download accelerator. \n\n### Description\n\nA possible buffer overflow has been reported in the HTTP redirection handling code in conn.c. \n\n### Impact\n\nA remote attacker could exploit this vulnerability by setting up a malicious site and enticing a user to connect to it. This could possibly lead to the execution of arbitrary code with the permissions of the user running Axel. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll Axel users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/axel-1.0b\"", "published": "2005-04-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200504-09", "cvelist": ["CVE-2005-0390"], "lastseen": "2016-09-06T19:46:14"}], "freebsd": [{"id": "0163B498-AF54-11D9-ACD0-000854D03344", "type": "freebsd", "title": "axel -- remote buffer overflow", "description": "\nA Debian Security Advisory reports:\n\nUlf H\u00c3\u00a4rnhammar from the Debian Security Audit Project\n\t discovered a buffer overflow in axel, a light download\n\t accelerator.\tWhen reading remote input the program did\n\t not check if a part of the input can overflow a buffer\n\t and maybe trigger the execution of arbitrary code.\n\n", "published": "2005-04-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/0163b498-af54-11d9-acd0-000854d03344.html", "cvelist": ["CVE-2005-0390"], "lastseen": "2016-09-26T17:25:15"}], "osvdb": [{"id": "OSVDB:15310", "type": "osvdb", "title": "Axel HTTP conn.c Redirection Overflow", "description": "## Solution Description\nUpgrade to version 1.0b or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://wilmer.gaast.net/main.php/axel.html\nSecurity Tracker: 1013709\n[Secunia Advisory ID:14933](https://secuniaresearch.flexerasoftware.com/advisories/14933/)\n[Secunia Advisory ID:14939](https://secuniaresearch.flexerasoftware.com/advisories/14939/)\n[Secunia Advisory ID:14831](https://secuniaresearch.flexerasoftware.com/advisories/14831/)\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200504-09.xml\nOther Advisory URL: http://www.debian.org/security/2005/dsa-706\n[CVE-2005-0390](https://vulners.com/cve/CVE-2005-0390)\n", "published": "2005-04-06T10:42:39", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:15310", "cvelist": ["CVE-2005-0390"], "lastseen": "2017-04-28T13:20:11"}]}}