FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

neon date parsing vulnerability

Affected packages
neon < 0.24.5_1
sitecopy <= 0.13.4_1

Details

VuXML ID 8d075001-a9ce-11d8-9c6d-0020ed76ef5a
Discovery 2004-05-19
Entry 2004-05-19
Modified 2004-06-25

Stefan Esser reports:

A vulnerability within a libneon date parsing function could cause a heap overflow which could lead to remote code execution, depending on the application using libneon.

The vulnerability is in the function ne_rfc1036_parse, which is in turn used by the function ne_httpdate_parse. Applications using either of these neon functions may be vulnerable.

References

CVE Name CVE-2004-0398
URL http://secunia.com/advisories/11785
URL http://security.e-matters.de/advisories/062004.html
