Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200601-14] LibAST: Privilege escalation Vulnerability Scan
Vulnerability Scan Summary LibAST: Privilege escalation
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200601-14
(LibAST: Privilege escalation).
Michael Jennings discovered an exploitable buffer overflow in the
configuration engine of LibAST.
Impact
The vulnerability can be exploited to gain escalated privileges if the
application using LibAST is setuid/setgid and passes a specially
crafted filename to LibAST's configuration engine.
Workaround
Identify all applications linking against LibAST and verify they are
not setuid/setgid.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0224
Solution:
All users should upgrade to the latest version and run revdep-rebuild:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libast-0.7"
# revdep-rebuild
Threat Level: High