|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200501-20] o3read: Buffer overflow during file conversion Vulnerability Scan
Vulnerability Scan Summary
o3read: Buffer overflow during file conversion
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200501-20
(o3read: Buffer overflow during file conversion)
Wiktor Kopec discovered that the parse_html function in o3read.c
copies any number of bytes into a 1024-byte t[] array.
Impact
Using a specially crafted file, possibly delivered by e-mail or
over the Web, a possible hacker may execute arbitrary code with the
permissions of the user running o3read.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1288
http://tigger.uic.edu/~jlongs2/holes/o3read.txt
Solution:
All o3read users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/o3read-0.0.4"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
