Family: Debian Local Security Checks --> Category: infos
[DSA085] DSA-085-1 nvi Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Takeshi Uno found a very stupid format string vulnerability in all
versions of nvi (in both, the plain and the multilingualized version).
When a filename is saved, it ought to get displayed on the screen.
The routine handling this didn't escape format strings.
This problem has been fixed in version 1.79-16a.1 for nvi and
1.79+19991117-2.3 for nvi-m17n for the stable Debian GNU/Linux 2.2.
Even if we don't believe that this could lead into somebody gaining
access of another users account if they haven't lost their brain, we
recommend that you upgrade your nvi packages.
Solution : http://www.debian.org/security/2001/dsa-085
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.