Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200505-02] Oops!: Remote code execution Vulnerability Scan
Vulnerability Scan Summary
Oops!: Remote code execution
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200505-02
(Oops!: Remote code execution)
A format string flaw has been detected in the my_xlog() function of the
Oops! proxy, which is called by the passwd_mysql and passwd_pgsql
module's auth() functions.
A remote attacker could send a specially crafted HTTP request to the
Oops! proxy, potentially triggering this vulnerability and leading to
the execution of arbitrary code.
There is no known workaround at this time.
All Oops! users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/oops-1.5.24_pre20050503"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.