Family: Debian Local Security Checks --> Category: infos
[DSA420] DSA-420-1 jitterbug Vulnerability Scan
Vulnerability Scan Summary DSA-420-1 jitterbug
Detailed Explanation for this Vulnerability Test
Steve Kemp discovered a security-related problem in jitterbug, a
simple CGI-based bug tracking and reporting tool. Unfortunately, the
tool's program executions do not properly sanitize their input, which
allows an attacker to execute arbitrary commands on the server hosting
the bug database. As mitigating factors, these attacks are only available
to non-guest users, and accounts for these users must be set up by the
administrator, making them "trusted".
For the stable distribution (woody) this problem has been fixed in
version 1.6.2-4.2woody2.
For the unstable distribution (sid) this problem has been fixed in
version 1.6.2-4.5.
We recommend that you upgrade your jitterbug package.
Solution : http://www.debian.org/security/2004/dsa-420
Threat Level: High