Family: Fedora Local Security Checks --> Category: infos
Fedora Core 2 2004-130: neon Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the neon package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory FEDORA-2004-130 (neon).
neon is an HTTP and WebDAV client library, with a C interface
providing a high-level interface to HTTP and WebDAV methods along
with a low-level interface for HTTP request handling. neon
supports persistent connections, proxy servers, basic, digest and
Kerberos authentication, and has complete SSL support.
Stefan Esser discovered a flaw in the neon library which allows a heap
buffer overflow in a date parsing routine. An attacker could set up a
malicious WebDAV server in such a way as to allow arbitrary code
execution on the client when a user connects to it using a neon-based
application which uses the date parsing routines, such as cadaver.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0398 to this issue. This update includes
packages with a patch for this issue.
Solution: http://www.fedoranews.org/updates/FEDORA-2004-130.shtml
Threat Level: High