Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2004:053: xpcd Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the xpcd package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2004:053 (xpcd).

A vulnerability in xpcd-svga, part of xpcd, was discovered by Jaguar. xpcd-svga
uses svgalib to display graphics on the console and it would copy user-supplied
data of an arbitrary length into a fixed-size buffer in the pcd_open function.
As well, Steve Kemp previously discovered a buffer overflow in xpcd-svga that
could be triggered by a long HOME environment variable, which could be exploited
by a local attacker to obtain root rights.
The updated packages resolve these vulnerabilities.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.