CVE-2004-0398 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2004-0398?

CVE-2004-0398 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2004-0398?

Check the references section above for vendor advisories and patch information. Affected products include: Webdav Cadaver, Webdav Neon, Debian Debian Linux.

Vulnerability Description

Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Webdav	Cadaver	< 0.22.0
Webdav	Neon	<= 0.24.5
Debian	Debian Linux	3.0

Related Weaknesses (CWE)

CWE-787

References

http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.htmlBroken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000841Broken Link
http://marc.info/?l=bugtraq&m=108498433632333&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=108500057108022&w=2Third Party Advisory
http://secunia.com/advisories/11638Third Party Advisory
http://secunia.com/advisories/11650Third Party Advisory
http://secunia.com/advisories/11673Third Party Advisory
http://security.gentoo.org/glsa/glsa-200405-13.xmlThird Party Advisory
http://security.gentoo.org/glsa/glsa-200405-15.xmlThird Party Advisory
http://www.ciac.org/ciac/bulletins/o-148.shtmlBroken Link
http://www.debian.org/security/2004/dsa-506Third Party Advisory
http://www.debian.org/security/2004/dsa-507Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:049Third Party Advisory
http://www.osvdb.org/6302Broken Link
http://www.redhat.com/support/errata/RHSA-2004-191.htmlThird Party Advisory

FAQ

What is CVE-2004-0398?

CVE-2004-0398 is a vulnerability with a CVSS score of 7.5 (HIGH). Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbi...

How severe is CVE-2004-0398?

CVE-2004-0398 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0398?

Check the references section above for vendor advisories and patch information. Affected products include: Webdav Cadaver, Webdav Neon, Debian Debian Linux.