Bug 88264 - net-misc/axel: HTTP Redirection Buffer Overflow Vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/14831/
Whiteboard: B2 [glsa] vorlon
Reported: 2005-04-07 08:09 UTC by Jean-François Brunette (RETIRED)
Modified: 2005-07-11 11:17 UTC

Description Jean-François Brunette (RETIRED) gentoo-dev 2005-04-07 08:09:05 UTC
CVE reference: CAN-2005-0390

Description:
A vulnerability has been reported in Axel, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the HTTP redirection handling. This can be exploited to cause a buffer overflow via a specially crafted response.

Successful exploitation may allow execution of arbitrary code.

Solution:
Update to version 1.0b.
http://wilmer.gaast.net/downloads/axel-1.0b.tar.gz
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-04-08 03:12:08 UTC
Dead maintainer, no metadata, no herd...
dragonheart: feel like bumping ?
Comment 2 Aaron Walker (RETIRED) gentoo-dev 2005-04-11 10:19:40 UTC
Bump0rd.  stable on x86. CC'd archs please mark stable.
Comment 3 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-04-11 11:28:51 UTC
Stable on ppc.
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2005-04-11 11:57:03 UTC
stable on ppc64
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2005-04-11 13:30:26 UTC
sparc stable.
Comment 6 Matthias Geerdsen (RETIRED) gentoo-dev 2005-04-12 13:28:41 UTC
GLSA 200504-09

ppc-macos, pls mark stable to benefit from the GLSA
Comment 7 Fabian Groffen gentoo-dev 2005-07-10 01:48:23 UTC
axel-1.0b compiles and works with and without keyword "debug" on OSX Tiger.
Comment 8 Lina Pezzella (RETIRED) gentoo-dev 2005-07-10 10:08:13 UTC
Stable ppc-macos.