Nessus Plugin #14958
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[DSA121] DSA-121-1 xtell
- Family:
- Debian Local Security Checks
- Category:
- infos
- Copyright:
- This script is (C) 2004 Michel Arboi
- Summary:
- DSA-121-1 xtell
- Version:
- $Revision: 1.4 $
- Cve_id:
- CAN-2002-0332, CAN-2002-0333, CAN-2002-0334
- Bugtraq_id:
- -
- Xrefs:
- DSA:121
- Description:
Several security related problems have been found in the xtell
package, a simple messaging client and server. In detail, these
problems contain several buffer overflows, a problem in connection
with symbolic links, unauthorized directory traversal when the path
contains "..". These problems could lead into an attacker being able
to execute arbitrary code on the server machine. The server runs with
nobody privileges by default, so this would be the account to be
exploited.
They have been corrected by backporting changes from a newer upstream
version by the Debian maintainer for xtell. These problems are fixed
in version 1.91.1 in the stable distribution of Debian and in version
2.7 for the testing and unstable distribution of Debian.
We recommend that you upgrade your xtell packages immediately.
Solution : http://www.debian.org/security/2002/dsa-121
Risk factor : High
Generiert am 27.04.2005 um 18:49:54 Uhr.