Bug 88264

Summary:	net-misc/axel: HTTP Redirection Buffer Overflow Vulnerability
Product:	Gentoo Security	Reporter:	Jean-François Brunette (RETIRED) <formula7>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	ka0ttic
Priority:	High
Version:	unspecified
Hardware:	All
OS:	All
URL:	http://secunia.com/advisories/14831/
Whiteboard:	B2 [glsa] vorlon
Package list:		Runtime testing required:	---

Description Jean-François Brunette (RETIRED) gentoo-dev

2005-04-07 08:09:05 UTC

CVE reference:	CAN-2005-0390

Description:
A vulnerability has been reported in Axel, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the HTTP redirection handling. This can be exploited to cause a buffer overflow via a specially crafted response.

Successful exploitation may allow execution of arbitrary code.

Solution:
Update to version 1.0b.
http://wilmer.gaast.net/downloads/axel-1.0b.tar.gz

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-04-08 03:12:08 UTC

Dead maintainer, no metadata, no herd...
dragonheart: feel like bumping ?

Comment 2 Aaron Walker (RETIRED) gentoo-dev

2005-04-11 10:19:40 UTC

Bump0rd.  stable on x86. CC'd archs please mark stable.

Comment 3 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2005-04-11 11:28:51 UTC

Stable on ppc.

Comment 4 Markus Rothe (RETIRED) gentoo-dev

2005-04-11 11:57:03 UTC

stable on ppc64

Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev

2005-04-11 13:30:26 UTC

sparc stable.

Comment 6 Matthias Geerdsen (RETIRED) gentoo-dev

2005-04-12 13:28:41 UTC

GLSA 200504-09

ppc-macos, pls mark stable to benefit from the GLSA

Comment 7 Fabian Groffen gentoo-dev

2005-07-10 01:48:23 UTC

axel-1.0b compiles and works with and without keyword "debug" on OSX Tiger.

Comment 8 Lina Pezzella (RETIRED) gentoo-dev

2005-07-10 10:08:13 UTC

Stable ppc-macos.