|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200404-19] Buffer overflows and format string vulnerabilities in LCDproc Vulnerability Scan
Vulnerability Scan Summary Buffer overflows and format string vulnerabilities in LCDproc
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200404-19
(Buffer overflows and format string vulnerabilities in LCDproc)
Due to insufficient checking of client-supplied data, the LCDd server is
susceptible to two buffer overflows and one string buffer vulnerability. If
the server is configured to listen on all network interfaces (see the Bind
parameter in LCDproc configuration), these vulnerabilities can be triggered
remotely.
Impact
These vulnerabilities allow a possible hacker to execute code with the rights of
the user running the LCDproc server. By default, this is the "nobody" user.
Workaround
A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.
References:
http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html
Solution:
LCDproc users should upgrade to version 0.4.5 or later:
# emerge sync
# emerge -pv ">=app-misc/lcdproc-0.4.5"
# emerge ">=app-misc/lcdproc-0.4.5"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|