Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200611-08] RPM: Buffer overflow Vulnerability Scan
Vulnerability Scan Summary RPM: Buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200611-08
(RPM: Buffer overflow)
Vladimir Mosgalin has reported that when processing certain packages,
RPM incorrectly allocates memory for the packages, possibly causing a
heap-based buffer overflow.
Impact
An attacker could entice a user to open a specially crafted RPM package
and execute code with the rights of that user if certain locales
are set.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5466
Solution:
All RPM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/rpm-4.4.6-r3"
Threat Level: Medium