|
Family: Debian Local Security Checks --> Category: infos
[DSA310] DSA-310-1 xaos Vulnerability Scan
Vulnerability Scan Summary DSA-310-1 xaos
Detailed Explanation for this Vulnerability Test
XaoS, a program for displaying fractal images, is installed setuid
root on certain architectures in order to use svgalib, which requires
access to the video hardware. However, it is not designed for secure
setuid execution, and can be exploited to gain root rights.
In these updated packages, the setuid bit has been removed from the
xaos binary. Users who require the svgalib functionality should grant
these rights only to a trusted group.
This vulnerability is exploitable in version 3.0-18 (potato) on i386
and alpha architectures, and in version 3.0-23 (woody) on the i386
architecture only.
For the stable distribution (woody) this problem has been fixed in
version 3.0-23woody1.
For the old stable distribution (potato) this problem has been fixed
in version 3.0-18potato1.
For the unstable distribution (sid) this problem has been fixed in
version 3.1r-4.
We recommend that you update your xaos package.
Solution : http://www.debian.org/security/2003/dsa-310
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|