ID CVE-2004-1120
Summary Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header.
References
Vulnerable Configurations
  • cpe:2.3:a:prozilla:prozilla_download_accelerator:1.0.0
  • cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.0
  • cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.1
  • cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.2
  • cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.3
  • cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.4
  • cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.5
  • cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.5.1
  • cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.5.2
  • cpe:2.3:a:prozilla:prozilla_download_accelerator:1.3.6
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
exploit-db via4
description Prozilla 1.3.6 Remote Stack Overflow Exploit. CVE-2004-1120. Remote exploit for linux platform
id EDB-ID:652
last seen 2016-01-31
modified 2004-11-23
published 2004-11-23
reporter Serkan Akpolat
source https://www.exploit-db.com/download/652/
title Prozilla 1.3.6 - Remote Stack Overflow Exploit
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PROZILLA_136_3.NASL
    description The following package needs to be updated: prozilla
    last seen 2016-09-26
    modified 2004-11-30
    plugin id 15865
    published 2004-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15865
    title FreeBSD : ProZilla -- server response buffer overflow vulnerabilities (158)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-663.NASL
    description Several buffer overflows have been discovered in prozilla, a multi-threaded download accelerator which could be exploited by a remote attacker to execute arbitrary code on the victim's machine. An exploit for prozilla is already in the wild.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 16284
    published 2005-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=16284
    title Debian DSA-663-1 : prozilla - buffer overflows
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_1A32E8EE3EDB11D9869900065BE4B5B6.NASL
    description Buffer overflow vulnerabilities have been reported to exist in this software package. The vulnerabilities can be triggered by a remote server and can be used to inject malicious code in the ProZilla process.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 37781
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37781
    title FreeBSD : ProZilla -- server response buffer overflow vulnerabilities (1a32e8ee-3edb-11d9-8699-00065be4b5b6)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200411-31.NASL
    description The remote host is affected by the vulnerability described in GLSA-200411-31 (ProZilla: Multiple vulnerabilities) ProZilla contains several exploitable buffer overflows in the code handling the network protocols. Impact : A remote attacker could set up a malicious server and entice a user to retrieve files from that server using ProZilla. This could lead to the execution of arbitrary code with the rights of the user running ProZilla. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 15818
    published 2004-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15818
    title GLSA-200411-31 : ProZilla: Multiple vulnerabilities
refmap via4
bid 11734
bugtraq 20041124 Prozilla Remote Exploit
confirm http://bugs.gentoo.org/show_bug.cgi?id=70090
debian DSA-663
gentoo GLSA-200411-31
xf prozilla-bo(18210)
Last major update 06-12-2016 - 21:59
Published 10-01-2005 - 00:00
Last modified 10-07-2017 - 21:30