Nessus Plugin #18044
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[GLSA-200504-11] JunkBuster: Multiple vulnerabilities
- Family:
- Gentoo Local Security Checks
- Category:
- infos
- Copyright:
- (C) 2005 Michel Arboi
- Summary:
- JunkBuster: Multiple vulnerabilities
- Version:
- $Revision: 1.1 $
- Cve_id:
- -
- Bugtraq_id:
- -
- Xrefs:
- GLSA:200504-11
- Description:
- The remote host is affected by the vulnerability described in GLSA-200504-11
(JunkBuster: Multiple vulnerabilities)
James Ranson reported a vulnerability when JunkBuster is
configured to run in single-threaded mode, an attacker can modify the
referrer setting by getting a victim to request a specially crafted
URL. Tavis Ormandy of the Gentoo Linux Security Audit Team identified a
heap corruption issue in the filtering of URLs.
Impact
If JunkBuster has been configured to run in single-threaded mode,
an attacker can disable or modify the filtering of Referrer: HTTP
headers, potentially compromising the privacy of users. The heap
corruption vulnerability could crash or disrupt the operation of the
proxy, potentially executing arbitrary code.
Workaround
There is no known workaround at this time.
Solution:
All JunkBuster users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-proxy/junkbuster-2.0.2-r3"
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.