|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200412-20] NASM: Buffer overflow vulnerability Vulnerability Scan
Vulnerability Scan Summary NASM: Buffer overflow vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200412-20
(NASM: Buffer overflow vulnerability)
Jonathan Rockway discovered that NASM-0.98.38 has an unprotected
vsprintf() to an array in preproc.c. This code vulnerability may lead
to a buffer overflow and potential execution of arbitrary code.
Impact
A remote attacker could craft a malicious object file which, when
supplied in NASM, would result in the execution of arbitrary code with
the rights of the user running NASM.
Workaround
There is no known workaround at this time.
References:
http://sourceforge.net/mailarchive/forum.php?thread_id=6166881&forum_id=4978
Solution:
All NASM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/nasm-0.98.38-r1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|