Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2004:191
HistoryMay 19, 2004 - 12:00 a.m.

(RHSA-2004:191) cadaver security update

2004-05-1900:00:00
access.redhat.com
10

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

87.2%

JSON

cadaver is a command-line WebDAV client that uses inbuilt code from neon,
an HTTP and WebDAV client library.

Stefan Esser discovered a flaw in the neon library which allows a heap
buffer overflow in a date parsing routine. An attacker could create
a malicious WebDAV server in such a way as to allow arbitrary code
execution on the client should a user connect to it using cadaver. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2004-0398 to this issue.

Users of cadaver are advised to upgrade to this updated package, which
contains a patch correcting this issue.

This issue does not affect Red Hat Enterprise Linux 3.

OSVersionArchitecturePackageVersionFilename
RedHatanyi386cadaver< 0.22.1-1.0cadaver-0.22.1-1.0.i386.rpm
RedHatanyia64cadaver< 0.22.1-1.0cadaver-0.22.1-1.0.ia64.rpm

Related

nessus 11
debiancve 1
ubuntucve 1
securityvulns 3
openvas 5
cve 1
freebsd 1
gentoo 2
osv 1
debian 4
suse 9
cert 1
nessus
nessus
GLSA-200405-15 : cadaver heap-based buffer overflow
2004-08-30 00:00:00
Debian DSA-507-1 : cadaver - buffer overflow
2004-09-29 00:00:00
GLSA-200405-13 : neon heap-based buffer overflow
2004-08-30 00:00:00
debiancve
debiancve
CVE-2004-0398
2004-07-07 04:00:00
ubuntucve
ubuntucve
CVE-2004-0398
2004-07-07 00:00:00
securityvulns
securityvulns
Advisory 06/2004: libneon date parsing vulnerability
2004-05-19 00:00:00
SUSE Security Announcement: kernel &#40;SuSE-SA:2004:017&#41;
2004-06-18 00:00:00
SUSE Security Announcement: kernel &#40;SUSE-SA:2004:020&#41;
2004-07-03 00:00:00
openvas
openvas
FreeBSD Ports: neon
2008-09-04 00:00:00
Debian Security Advisory DSA 506-1 (neon)
2008-01-17 00:00:00
Debian Security Advisory DSA 507-1 (cadaver)
2008-01-17 00:00:00
cve
cve
CVE-2004-0398
2004-07-07 04:00:00
freebsd
freebsd
neon date parsing vulnerability
2004-05-19 00:00:00
gentoo
gentoo
neon heap-based buffer overflow
2004-05-20 00:00:00
cadaver heap-based buffer overflow
2004-05-20 00:00:00
osv
osv
neon - buffer overflow
2004-05-19 00:00:00
debian
debian
[SECURITY] [DSA 506-1] New neon packages fix buffer overflow
2004-05-19 09:21:53
[SECURITY] [DSA 507-1] New cadaver packages fix buffer overflow
2004-05-19 11:36:47
[SECURITY] [DSA 507-1] New cadaver packages fix buffer overflow
2004-05-19 11:36:47
suse
suse
remote system compromise in subversion
2004-06-17 09:42:39
local denial-of-service attack in kernel
2004-06-16 14:13:55
remote system compromise in squid
2004-06-09 14:47:16
cert
cert
Linux kernel fails to properly handle floating point signals generated by "fsave" and "frstor"
2004-06-15 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

87.2%

JSON
Related for RHSA-2004:191
nessus11debiancve1ubuntucve1securityvulns3openvas5cve1freebsd1gentoo2osv1debian4suse9cert1