Family: Debian Local Security Checks --> Category: infos
[DSA760] DSA-760-1 ekg Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Several vulnerabilities have been discovered in ekg, a console Gadu
Gadu client, an instant messaging program. The Common Vulnerabilities
and Exposures project identifies the following vulnerabilities:
- Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file creation in contributed scripts.
- Marcin Owsiany and Wojtek Kaniewski discovered potential shell command injection in a contributed script.
- Eric Romang discovered insecure temporary file creation and arbitrary command execution in a contributed script that can be exploited by a local attacker.
The old stable distribution (woody) does not contain an ekg package.
For the stable distribution (sarge) these problems have been fixed in
For the unstable distribution (sid) these problems have been fixed in
We recommend that you upgrade your ekg package.
Solution : http://www.debian.org/security/2005/dsa-760
Threat Level: High