neon library ne_rfc1036_parse function buffer overflow

neon-library-nerfc1036parse-bo (16192)

High Risk

Description:

neon is vulnerable to a heap-based buffer overflow in the date parsing function of the neon library. A remote attacker can supply a specially-crafted date string to the ne_rfc1036_parse function to overflow a buffer and possibly execute arbitrary code on the system, depending on how the application uses the neon library.

Note: OpenOffice and Subversion do not use the ne_rfc1036_parse function and are not vulnerable.

Consequences:

Gain Access

Remedy:

Upgrade to the latest version of neon (0.24.6 or later), available from the WebDAV Web page. See References.

For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest cadaver package (0.18.0-1woody3 or later), as listed in DSA-507-1. See References.

For Conectiva Linux:
Upgrade to the libneon package, as listed below. Refer to Conectiva Linux Security Announcement CLA-2004:841 for more information. See References.

Conectiva Linux 9: 0.23.5-21884U90_2cl or later

For Gentoo Linux Security containing the cadaver package:
Upgrade to the latest version of cadaver (0.22.2 or later), as listed in GLSA 200405-15. See References.

For Gentoo Linux Security containing the neon package:
Upgrade to the latest version of neon (0.24.6 or later), as listed in GLSA 200405-13. See References.

For Mandrake Linux:
Upgrade to the latest apache package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:078 : OpenOffice.org for more information. See References.

Mandrake Linux 10.0: 1.1.2-3.1.100mdk or later

For OpenPKG:
Refer to OpenPKG Security Advisory OpenPKG-SA-2004.024 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

• CIAC Information Bulletin O-148: Linux Neon and Cadaver Buffer Overflow Vulnerability.
• Conectiva Linux Security Announcement CLA-2004:841: libneon.
• Full-Disclosure Mailing List, Wed May 19 2004 - 01:36:42 CDT: Advisory 06/2004: libneon date parsing vulnerability.
• GLSA 200405-13: neon heap-based buffer overflow.
• GLSA 200405-15: cadaver heap-based buffer overflow.
• neon Web page: neon HTTP and WebDAV client library.
• BID-10385: Neon WebDAV Client Library ne_rfc1036_parse Function Heap Overflow Vulnerability
• BID-10869: Neon WebDAV Client Library Unspecified Vulnerability
• CVE-2004-0398: Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
• DSA-506: neon -- buffer overflow
• DSA-507: cadaver -- buffer overflow
• GLSA-200405-13: neon heap-based buffer overflow
• GLSA-200405-15: cadaver heap-based buffer overflow
• GLSA-200406-03: sitecopy: Multiple vulnerabilities in included libneon
• MDKSA-2004:049: Updated libneon packages fix heap variable overflow issues
• MDKSA-2004:078: Updated OpenOffice.org packages fix libneon vulnerability
• OpenPKG-SA-2004.024: neon
• OSVDB ID: 6302: cadaver libneon Date Parsing Overflow
• RHSA-2004-191: cadaver security update
• SA11638: Neon Date Parsing Heap Overflow Vulnerability
• SUSE-SA:2004:013: cvs: remote command execution
• SUSE-SA:2004:015: cvs: remote command execution
• SUSE-SA:2004:016: squid: remote system compromise
• SUSE-SA:2004:017: Linux Kernel: local denial-of-service attack
• SUSE-SA:2004:018: subversion: remote system compromise
• SUSE-SA:2004:019: dhcp-server: remote system compromise
• SUSE-SA:2004:020: kernel: local privilege escalation
• SUSE-SA:2004:021: php4 / mod_php4: remote code execution
• SUSE-SA:2004:022: samba: remote root compromise

Platforms Affected:

• Conectiva Linux 9.0
• Debian Debian Linux 3.0
• Gentoo Linux
• Joe Orton neon 0.24.5 and prior
• MandrakeSoft Mandrake Linux 10.0
• MandrakeSoft Mandrake Linux 10.0 AMD64
• MandrakeSoft Mandrake Linux 9.2 AMD64
• MandrakeSoft Mandrake Linux 9.2
• Novell SuSE Linux Enterprise Server 7.0
• Novell UnitedLinux 1.0
• OpenPKG OpenPKG 1.3
• OpenPKG OpenPKG 2.0
• OpenPKG OpenPKG CURRENT
• RedHat Enterprise Linux 2.1 WS
• RedHat Enterprise Linux 2.1 AS
• RedHat Enterprise Linux 2.1 ES
• RedHat Linux Advanced Workstation 2.1 Itanium
• SuSE Linux Enterprise Server 8
• SuSE SuSE eMail Server III
• SUSE SuSE Linux 8.0
• SUSE SuSE Linux 8.1
• SUSE SuSE Linux 8.2
• SUSE SuSE Linux 9.0
• SUSE SuSE Linux 9.1
• SuSE SuSE Linux Connectivity Server
• SuSE SuSE Linux Database Server
• SuSE SuSE Linux Office Server

Reported:

May 19, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page