Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200607-11] TunePimp: Buffer overflow Vulnerability Scan
Vulnerability Scan Summary
TunePimp: Buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200607-11
(TunePimp: Buffer overflow)
Kevin Kofler has reported a vulnerability where three stack variables
are allocated with 255, 255 and 100 bytes respectively, yet 256 bytes
are read into each. This could lead to buffer overflows.
Running an affected version of TunePimp could lead to the execution of
arbitrary code by a remote attacker.
There is no known workaround at this time.
TunePimp has been masked in Portage pending the resolution of these
issues. TunePimp users are advised to uninstall the package until
# emerge --ask --unmerge "media-libs/tunepimp"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.