|
Family: Debian Local Security Checks --> Category: infos
[DSA494] DSA-494-1 ident2 Vulnerability Scan
Vulnerability Scan Summary DSA-494-1 ident2
Detailed Explanation for this Vulnerability Test
Jack <"jack@rapturesecurity.org"> discovered a buffer overflow in
ident2, an implementation of the ident protocol (RFC1413), where a
buffer in the child_service function was slightly too small to hold
all of the data which could be written into it. This vulnerability
could be exploited by a remote attacker to execute arbitrary code with
the rights of the ident2 daemon (by default, the "identd" user).
For the current stable distribution (woody) this problem has been
fixed in version 1.03-3woody1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you update your ident2 package.
Solution : http://www.debian.org/security/2004/dsa-494
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|