Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2002:026: libsafe Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the libsafe package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2002:026 (libsafe).
Wojciech Purczynski discovered that format string protection in libsafe can be
easily bypassed by using flag characters that are implemented in glibc but are
not implemented in libsafe. It was also discovered that *printf function
wrappers incorrectly parse argument indexing in format strings, making some
incorrect assumptions on the number of arguments and conversion specifications.
These problems were fixed by the libsafe authors in 2.0-12.
Solution: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:026
Threat Level: High