Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200501-15] UnRTF: Buffer overflow Vulnerability Scan
Vulnerability Scan Summary UnRTF: Buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200501-15
(UnRTF: Buffer overflow).
An unchecked strcat() in unrtf may overflow the bounds of a static
buffer.
Impact
Using a specially crafted file, possibly delivered by e-mail or
over the web, an attacker may execute arbitrary code with the
permissions of the user running UnRTF.
Workaround
There is no known workaround at this time.
References:
http://tigger.uic.edu/~jlongs2/holes/unrtf.txt
Solution:
All unrtf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/unrtf-0.19.3-r1"
Threat Level: Medium