|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200503-06] BidWatcher: Format string vulnerability Vulnerability Scan
Vulnerability Scan Summary BidWatcher: Format string vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200503-06
(BidWatcher: Format string vulnerability)
Ulf Harnhammar discovered a format string vulnerability in
"netstuff.cpp".
Impact
Remote attackers can potentially exploit this vulnerability by
sending specially crafted responses via an eBay HTTP server or a
man-in-the-middle attack to execute arbitrary malicious code.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0158
Solution:
All BidWatcher users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/bidwatcher-1.13.17"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|