|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200504-29] Pound: Buffer overflow vulnerability Vulnerability Scan
Vulnerability Scan Summary Pound: Buffer overflow vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200504-29
(Pound: Buffer overflow vulnerability)
Steven Van Acker has discovered a buffer overflow vulnerability in
the "add_port()" function in Pound.
Impact
A remote attacker could send a request for an overly long hostname
parameter, which could lead to the remote execution of arbitrary code
with the rights of the Pound daemon process (by default, Gentoo uses
the "nobody" user to run the Pound daemon).
Workaround
There is no known workaround at this time.
References:
http://www.apsis.ch/pound/pound_list/archive/2005/2005-04/1114516112000
Solution:
All Pound users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/pound-1.8.3"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|