FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0398

This CVE name corresponds to:

Entered Topic
2004-05-19 neon date parsing vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-0398 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-0398
Phase Assigned(20040413)

Description

Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.

References

Source Reference
BUGTRAQ 20040519 Advisory 06/2004: libneon date parsing vulnerability
FULLDISC 20040519 Advisory 06/2004: libneon date parsing vulnerability
CONECTIVA CLA-2004:841
REDHAT RHSA-2004:191
DEBIAN DSA-506
DEBIAN DSA-507
FEDORA FEDORA-2004-1552
GENTOO GLSA-200405-13
GENTOO GLSA-200405-15
MANDRAKE MDKSA-2004:049
BUGTRAQ 20040519 [OpenPKG-SA-2004.024] OpenPKG Security Advisory (neon)
CIAC O-148
BID 10385
OSVDB 6302
SECUNIA 11638
SECUNIA 11650
SECUNIA 11673
XF neon-library-nerfc1036parse-bo(16192)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.