FreeBSD Ports: Ziproxy Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://ziproxy.sourceforge.net/#news http://secunia.com/advisories/39941 http://sourceforge.net/mailarchive/message.php?msg_name=201005210019.37119.dancab%40gmx.net http://www.vuxml.org/freebsd/b43004b8-6a53-11df-bc7b-0245fb008c0b.html

Insight

The following package is affected: ziproxy CVE-2010-1513 Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allow remote attackers to execute arbitrary code via (1) a large JPG image, related to the jpg2bitmap function or (2) a large PNG image, related to the png2bitmap function, leading to heap-based buffer overflows.

Severity

Classification

CVE CVE-2010-1513
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

FreeBSD Ports: clamav
FreeBSD Ports: bogofilter
FreeBSD Ports: asterisk18
FreeBSD Ports: awstats
django -- multiple vulnerabilities

FreeBSD Ports: ziproxy

Take action and discover your vulnerabilities