Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200501-01] LinPopUp: Buffer overflow in message reply Vulnerability Scan
Vulnerability Scan Summary LinPopUp: Buffer overflow in message reply
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200501-01
(LinPopUp: Buffer overflow in message reply)
Stephen Dranger discovered that LinPopUp contains a buffer
overflow in string.c, triggered when replying to a remote user message.
Impact
A remote attacker could craft a malicious message that, when
replied to using LinPopUp, would exploit the buffer overflow. This would
result in the execution of arbitrary code with the rights of the
user running LinPopUp.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1282
http://tigger.uic.edu/~jlongs2/holes/linpopup.txt
Solution:
All LinPopUp users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/linpopup-2.0.4-r1"
Threat Level: Medium