|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200408-10] gv: Exploitable Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary gv: Exploitable Buffer Overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200408-10
(gv: Exploitable Buffer Overflow)
gv contains a buffer overflow vulnerability where an unsafe sscanf() call
is used to interpret PDF and PostScript files.
Impact
By enticing a user to view a malformed PDF or PostScript file a possible hacker
could execute arbitrary code with the permissions of the user running gv.
Workaround
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of gv.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0838
Solution:
All gv users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-text/gv-3.5.8-r4"
# emerge ">=app-text/gv-3.5.8-r4"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|