|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200607-11] TunePimp: Buffer overflow Vulnerability Scan
Vulnerability Scan Summary
TunePimp: Buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200607-11
(TunePimp: Buffer overflow)
Kevin Kofler has reported a vulnerability where three stack variables
are allocated with 255, 255 and 100 bytes respectively, yet 256 bytes
are read into each. This could lead to buffer overflows.
Impact
Running an affected version of TunePimp could lead to the execution of
arbitrary code by a remote attacker.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3600
http://bugs.musicbrainz.org/ticket/1764
Solution:
TunePimp has been masked in Portage pending the resolution of these
issues. TunePimp users are advised to uninstall the package until
further notice:
# emerge --ask --unmerge "media-libs/tunepimp"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
