|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200604-05] Doomsday: Format string vulnerability Vulnerability Scan
Vulnerability Scan Summary Doomsday: Format string vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200604-05
(Doomsday: Format string vulnerability)
Luigi Auriemma discovered that Doomsday incorrectly implements
formatted printing.
Impact
A remote attacker could exploit these vulnerabilities to execute
arbitrary code with the rights of the user running the Doomsday server
or client by sending specially crafted strings.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1618
http://aluigi.altervista.org/adv/doomsdayfs-adv.txt
Solution:
Doomsday has been masked in Portage pending the resolution of
these issues. All Doomsday users are advised to uninstall the package
until further notice.
# emerge --ask --verbose --unmerge games-fps/doomsday
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|