Family: Ubuntu Local Security Checks --> Category: infos
USN162-1 : ekg vulnerabilities Vulnerability Scan
Vulnerability Scan Summary ekg vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- ekg
- libgadu-dev
- libgadu3
Description :
Marcin Owsiany and Wojtek Kaniewski discovered that some contributed
scripts (contrib/ekgh, contrib/ekgnv.sh, and contrib/getekg.sh) in the
ekg package created temporary files in an insecure way, which allowed
exploitation of a race condition to create or overwrite files with the
rights of the user invoking the script. (CVE-2005-1850)
Marcin Owsiany and Wojtek Kaniewski discovered a shell command
injection vulnerability in a contributed utility
(contrib/scripts/ekgbot-pre1.py). By sending specially crafted content
to the bot, an attacker could exploit this to execute arbitrary code
with the rights of the user running ekgbot. (CVE-2005-1851)
Marcin Ślusarz discovered an integer overflow in the Gadu library. By
sending a specially crafted incoming message, a remote attacker could
execute arbitrary code with the rights of the application using
libgadu. (CVE-2005-1852)
Eric Romang discovered that another contributed script
(contrib/scripts/linki.py) created temporary files in an insecure way,
whi
[...]
Solution :
Upgrade to :
- ekg-1.5-4ubuntu1.2 (Ubuntu 5.04)
- libgadu-dev-1.5-4ubuntu1.2 (Ubuntu 5.04)
- libgadu3-1.5-4ubuntu1.2 (Ubuntu 5.04)
Threat Level: High