Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:053: xpcd Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the xpcd package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:053 (xpcd).
A vulnerability in xpcd-svga, part of xpcd, was discovered by Jaguar. xpcd-svga
uses svgalib to display graphics on the console and it would copy user-supplied
data of an arbitrary length into a fixed-size buffer in the pcd_open function.
As well, Steve Kemp previously discovered a buffer overflow in xpcd-svga that
could be triggered by a long HOME environment variable, which could be exploited
by a local attacker to obtain root rights.
The updated packages resolve these vulnerabilities.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:053
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.