|
Family: Debian Local Security Checks --> Category: infos
[DSA108] DSA-108-1 wmtv Vulnerability Scan
Vulnerability Scan Summary DSA-108-1 wmtv
Detailed Explanation for this Vulnerability Test
Nicolas Boullis found some security problems in the wmtv package (a
dockable video4linux TV player for windowmaker) which is distributed
in Debian GNU/Linux 2.2. With the current version of wmtv, the
configuration file is written back as the superuser, and without any
further checks. A malicious user might use that to damage important
files.
This problem has been fixed in version 0.6.5-2potato2 for the stable
distribution by dropping rights as soon as possible and only
regaining them where required. In the current testing/unstable
distribution this problem has been fixed in version 0.6.5-9 and above
by not requiring rights anymore. Both contain fixes for two
potential buffer overflows as well.
We recommend that you upgrade your wmtv packages immediately.
Solution : http://www.debian.org/security/2002/dsa-108
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|