FreeBSD fetch HTTP Header Overflow

2004-11-18T00:00:00
ID OSVDB:11921
Type osvdb
Reporter Colin Percival(colin.percival@wadham.ox.ac.uk)
Modified 2004-11-18T00:00:00

Description

Vulnerability Description

A remote overflow exists in fetch on FreeBSD. The fetch utility, which is a tool for fetching files via FTP, HTTP, and HTTPS, fails to check bounds on certain incoming HTTP headers resulting in an integer overflow. With a specially crafted response from a malicious server or CGI script, an attacker can overflow a buffer and execute arbitrary code resulting in a loss of integrity.

Solution Description

Upgrade to version 4-STABLE or 5-STABLE, or to the RELENG_5_3, RELENG_5_2, RELENG_4_10, or RELENG_4_8 security branch dated after the correction date, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch for some older versions.

Short Description

A remote overflow exists in fetch on FreeBSD. The fetch utility, which is a tool for fetching files via FTP, HTTP, and HTTPS, fails to check bounds on certain incoming HTTP headers resulting in an integer overflow. With a specially crafted response from a malicious server or CGI script, an attacker can overflow a buffer and execute arbitrary code resulting in a loss of integrity.

References:

Vendor Specific Solution URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:16/fetch.patch Vendor Specific Solution URL: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:16/fetch.patch.asc Security Tracker: 1012259 Secunia Advisory ID:13226 Other Advisory URL: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:16.fetch.asc Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0229.html ISS X-Force ID: 18160 Generic Informational URL: http://www.gsp.com/cgi-bin/man.cgi?section=1&topic=fetch CVE-2004-1053 Bugtraq ID: 11702