Vulnerability Scanning Solutions, LLC.
Family: Ubuntu Local Security Checks --> Category: infos

USN162-1 : ekg vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
ekg vulnerabilities

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- ekg
- libgadu-dev
- libgadu3


Description :

Marcin Owsiany and Wojtek Kaniewski discovered that some contributed
scripts (contrib/ekgh, contrib/ekgnv.sh, and contrib/getekg.sh) in the
ekg package created temporary files in an insecure way, which allowed
exploitation of a race condition to create or overwrite files with the
rights of the user invoking the script. (CVE-2005-1850)

Marcin Owsiany and Wojtek Kaniewski discovered a shell command
injection vulnerability in a contributed utility
(contrib/scripts/ekgbot-pre1.py). By sending specially crafted content
to the bot, an attacker could exploit this to execute arbitrary code
with the rights of the user running ekgbot. (CVE-2005-1851)

Marcin Ślusarz discovered an integer overflow in the Gadu library. By
sending a specially crafted incoming message, a remote attacker could
execute arbitrary code with the rights of the application using
libgadu. (CVE-2005-1852)

Eric Romang discovered that another contributed script
(contrib/scripts/linki.py) created temporary files in an insecure way,
whi
[...]

Solution :

Upgrade to :
- ekg-1.5-4ubuntu1.2 (Ubuntu 5.04)
- libgadu-dev-1.5-4ubuntu1.2 (Ubuntu 5.04)
- libgadu3-1.5-4ubuntu1.2 (Ubuntu 5.04)



Threat Level: High

