BID:13059

Axel HTTP Redirection Buffer Overflow Vulnerability

Info

Axel HTTP Redirection Buffer Overflow Vulnerability

Bugtraq ID:	13059
Class:	Boundary Condition Error
CVE:	CVE-2005-0390
Remote:	Yes
Local:	No
Published:	Apr 07 2005 12:00AM
Updated:	Jul 12 2009 12:56PM
Credit:	Discovered by Ulf Härnhammar from the Debian Security Audit Project.
Vulnerable:	Axel Axel 1.0 a + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Gentoo Linux

Not Vulnerable:

Discussion

Axel HTTP Redirection Buffer Overflow Vulnerability

Axel is prone to a buffer overflow vulnerability when handling HTTP redirection. A malicious HTTP response can trigger this issue, potentially allowing for arbitrary code execution.

Exploit / POC

Axel HTTP Redirection Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Axel HTTP Redirection Buffer Overflow Vulnerability

Solution:
Gentoo Linux has released advisory GLSA 200504-09 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=net-misc/axel-1.0b"
Please see the referenced advisory for further information.

Debian has released advisory DSA 706-1 to address this issue. Please see the referenced advisory for more information.

This issue was addressed in Axel 1.0b:

Axel Axel 1.0 a

Axel Axel 1.0b
http://wilmer.gaast.net/downloads/axel-1.0b.tar.gz

Debian axel-kapt_1.0a-1woody1_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/a/axel/axel-kapt_1.0a-1wo ody1_all.deb

Debian axel_1.0a-1woody1_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ alpha.deb

Debian axel_1.0a-1woody1_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ arm.deb

Debian axel_1.0a-1woody1_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ hppa.deb

Debian axel_1.0a-1woody1_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ i386.deb

Debian axel_1.0a-1woody1_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ ia64.deb

Debian axel_1.0a-1woody1_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ m68k.deb

Debian axel_1.0a-1woody1_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ mips.deb

Debian axel_1.0a-1woody1_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ mipsel.deb

Debian axel_1.0a-1woody1_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ powerpc.deb

Debian axel_1.0a-1woody1_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ s390.deb

Debian axel_1.0a-1woody1_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ sparc.deb

References

Axel HTTP Redirection Buffer Overflow Vulnerability

References:

Axel Home Page (Axel)