CVE-2004-0179 Information

Description

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier and other products that use neon including (2) Cadaver (3) Subversion and (4) OpenOffice allow remote malicious WebDAV servers to execute arbitrary code.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc http://lists.suse.com/archive/suse-security-announce/2004-Apr/0002.html http://lists.suse.com/archive/suse-security-announce/2004-Apr/0003.html http://marc.info/?l=bugtraq&m=108213873203477&w=2 http://marc.info/?l=bugtraq&m=108214147022626&w=2 http://secunia.com/advisories/11363 http://security.gentoo.org/glsa/glsa-200405-01.xml http://security.gentoo.org/glsa/glsa-200405-04.xml http://www.debian.org/security/2004/dsa-487 http://www.mandriva.com/security/advisories?name=MDKSA-2004:032 http://www.osvdb.org/5365 http://www.redhat.com/support/errata/RHSA-2004-157.html http://www.redhat.com/support/errata/RHSA-2004-158.html http://www.redhat.com/support/errata/RHSA-2004-159.html http://www.redhat.com/support/errata/RHSA-2004-160.html http://www.securityfocus.com/bid/10136 https://bugzilla.fedora.us/show_bug.cgi?id=1552 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1065 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10913