Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Kurt Lieber <klieber@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200407-19 ] Pavuk: Digest authentication helper buffer overflow
Date: Mon, 26 Jul 2004 14:27:26
Message-Id: 20040726142700.GQ24932@mail.lieber.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200407-19
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Pavuk: Digest authentication helper buffer overflow
9 Date: July 26, 2004
10 ID: 200407-19
11
12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
13
14 Synopsis
15 ========
16
17 Pavuk contains a bug that can allow an attacker to run arbitrary code.
18
19 Background
20 ==========
21
22 Pavuk is web spider and website mirroring tool.
23
24 Affected packages
25 =================
26
27 -------------------------------------------------------------------
28 Package / Vulnerable / Unaffected
29 -------------------------------------------------------------------
30 1 net-misc/pavuk <= 0.9.28-r2 >= 0.9.28-r3
31
32 Description
33 ===========
34
35 Pavuk contains several buffer overflow vulnerabilities in the code
36 handling digest authentication.
37
38 Impact
39 ======
40
41 An attacker could cause a buffer overflow, leading to arbitrary code
42 execution with the rights of the user running Pavuk.
43
44 Workaround
45 ==========
46
47 There is no known workaround at this time. All users are encouraged to
48 upgrade to the latest available version of Pavuk.
49
50 Resolution
51 ==========
52
53 All Pavuk users should upgrade to the latest version:
54
55 # emerge sync
56
57 # emerge -pv ">=net-misc/pavuk-0.9.28-r3"
58 # emerge ">=net-misc/pavuk-0.9.28-r3"
59
60 Availability
61 ============
62
63 This GLSA and any updates to it are available for viewing at
64 the Gentoo Security Website:
65
66 http://security.gentoo.org/glsa/glsa-200407-19.xml
67
68 Concerns?
69 =========
70
71 Security is a primary focus of Gentoo Linux and ensuring the
72 confidentiality and security of our users machines is of utmost
73 importance to us. Any security concerns should be addressed to
74 security@g.o or alternatively, you may file a bug at
75 http://bugs.gentoo.org.
76
77 License
78 =======
79
80 Copyright 2004 Gentoo Foundation, Inc; referenced text
81 belongs to its owner(s).
82
83 The contents of this document are licensed under the
84 Creative Commons - Attribution / Share Alike license.
85
86 http://creativecommons.org/licenses/by-sa/1.0
Report Message
Find on MARC Find on Google Groups