Nessus Plugin #16010
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[GLSA-200412-20] NASM: Buffer overflow vulnerability
- Family:
- Gentoo Local Security Checks
- Category:
- infos
- Copyright:
- (C) 2004 Michel Arboi
- Summary:
- NASM: Buffer overflow vulnerability
- Version:
- $Revision: 1.1 $
- Cve_id:
- -
- Bugtraq_id:
- -
- Xrefs:
- GLSA:200412-20
- Description:
- The remote host is affected by the vulnerability described in GLSA-200412-20
(NASM: Buffer overflow vulnerability)
Jonathan Rockway discovered that NASM-0.98.38 has an unprotected
vsprintf() to an array in preproc.c. This code vulnerability may lead
to a buffer overflow and potential execution of arbitrary code.
Impact
A remote attacker could craft a malicious object file which, when
supplied in NASM, would result in the execution of arbitrary code with
the rights of the user running NASM.
Workaround
There is no known workaround at this time.
References:
http://sourceforge.net/mailarchive/forum.php?thread_id=6166881&forum_id=4978
Solution:
All NASM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/nasm-0.98.38-r1"
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.