Debian DSA-2571-1 : libproxy - buffer overflow

critical Nessus Plugin ID 62804

Synopsis

The remote Debian host is missing a security-related update.

Description

The Red Hat Security Response Team discovered that libproxy, a library for automatic proxy configuration management, applied insufficient validation to the Content-Length header sent by a server providing a proxy.pac file. Such remote server could trigger an integer overflow and consequently overflow an in-memory buffer.

Solution

Upgrade the libproxy packages.

For the stable distribution (squeeze), this problem has been fixed in version 0.3.1-2+squeeze1.

See Also

https://packages.debian.org/source/squeeze/libproxy

https://www.debian.org/security/2012/dsa-2571

Plugin Details

Severity: Critical

ID: 62804

File Name: debian_DSA-2571.nasl

Version: 1.10

Type: local

Agent: unix

Published: 11/5/2012

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libproxy, cpe:/o:debian:debian_linux:6.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 11/4/2012

Reference Information

CVE: CVE-2012-4505

BID: 55910

DSA: 2571