Nessus Plugin #16401
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
[GLSA-200501-10] Vilistextum: Buffer overflow vulnerability
- Family: Gentoo Local Security Checks
- Category: infos
- Copyright: (C) 2005 Michel Arboi
- Summary: Vilistextum: Buffer overflow vulnerability
- Version: $Revision: 1.1 $
- Cve_id: CAN-2004-1299
- Bugtraq_id: -
- Xrefs: GLSA:200501-10
- Description:

The remote host is affected by the vulnerability described in GLSA-200501-10 (Vilistextum: Buffer overflow vulnerability)

Ariel Berkman discovered that Vilistextum unsafely reads data into an array without checking the length. This code vulnerability may lead to a buffer overflow.

Impact

A remote attacker could craft a malicious webpage which, when converted, would result in the execution of arbitrary code with the rights of the user running Vilistextum.

Workaround

There is no known workaround at this time.

References:
http://tigger.uic.edu/~jlongs2/holes/vilistextum.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1299

Solution:

All Vilistextum users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/vilistextum-2.6.7"

Risk factor : Medium
Generated on 27.04.2005 at 18:49:54.