USN220-1 : w3c-libwww vulnerability
|
|
Article ID: 20762
Last updated: 27 Jan, 2009
|
|
|
|
Views: 363
|
|
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.
|
|
USN220-1 : w3c-libwww vulnerability |
|
| Ubuntu Security Notice (C) 2005 Canonical, Inc. / NASL script (C) 2005 Tenable Network Security, Inc. |
|
|
| Family | Ubuntu Local Security Checks |
| Plugin ID | 20762 |
| Bugtraq ID |
|
| CVE ID | CVE-2005-3183
|
|
| Description: |
Synopsis :
These remote packages are missing security patches :
- libwww-dev
- libwww-ssl-dev
- libwww-ssl0
- libwww0
Description :
Sam Varshavchik discovered several buffer overflows in the
HTBoundary_put_block() function. By sending specially crafted HTTP
multipart/byteranges MIME messages, a malicious HTTP server could
trigger an out of bounds memory access in the libwww library, which
causes the program that uses the library to crash.
Solution :
Upgrade to :
- libwww-dev-5.4.0-9ubuntu0.5.10 (Ubuntu 5.10)
- libwww-ssl-dev-5.4.0-9ubuntu0.5.10 (Ubuntu 5.10)
- libwww-ssl0-5.4.0-9ubuntu0.5.10 (Ubuntu 5.10)
- libwww0-5.4.0-9ubuntu0.5.10 (Ubuntu 5.10)
Risk factor : High
|
|
