|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200606-20] Typespeed: Remote execution of arbitrary code Vulnerability Scan
Vulnerability Scan Summary Typespeed: Remote execution of arbitrary code
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200606-20
(Typespeed: Remote execution of arbitrary code)
Niko Tyni discovered a buffer overflow in the addnewword() function of
Typespeed's network code.
Impact
By sending specially crafted network packets to a machine running
Typespeed in multiplayer mode, a remote attacker can execute arbitrary
code with the permissions of the user running the game.
Workaround
Do not run Typespeed in multiplayer mode. There is no known workaround
at this time for multiplayer mode.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1515
Solution:
All Typespeed users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-misc/typespeed-0.5.0"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|