Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Gentoo Local Security Checks --> Category: infos

[GLSA-200407-11] wv: Buffer overflow vulnerability Vulnerability Scan

Vulnerability Scan Summary
wv: Buffer overflow vulnerability

Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200407-11
(wv: Buffer overflow vulnerability)

A use of strcat without proper bounds checking leads to an exploitable
buffer overflow. The vulnerable code is executed when wv encounters an
unrecognized token, so a specially crafted file, loaded in wv, can trigger
the vulnerable code and execute it's own arbitrary code. This exploit is
only possible when the user loads the document into HTML view mode.


By inducing a user into running wv on a special file, a possible hacker can
execute arbitrary code with the permissions of the user running the
vulnerable program.


Users should not view untrusted documents with wvHtml or applications using
wv. When loading an untrusted document in an application using the wv
library, make sure HTML view is disabled.


All users should upgrade to the latest available version.
# emerge sync
# emerge -pv ">=app-text/wv-1.0.0-r1"
# emerge ">=app-text/wv-1.0.0-r1"

Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.