Nessus Plugin #16402
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[GLSA-200501-11] Dillo: Format string vulnerability
- Family:
- Gentoo Local Security Checks
- Category:
- infos
- Copyright:
- (C) 2005 Michel Arboi
- Summary:
- Dillo: Format string vulnerability
- Version:
- $Revision: 1.1 $
- Cve_id:
- CAN-2005-0012
- Bugtraq_id:
- -
- Xrefs:
- GLSA:200501-11
- Description:
- The remote host is affected by the vulnerability described in GLSA-200501-11
(Dillo: Format string vulnerability)
Gentoo Linux developer Tavis Ormandy found a format string bug in
Dillo's handling of messages in a_Interface_msg().
Impact
An attacker could craft a malicious web page which, when accessed
using Dillo, would trigger the format string vulnerability and
potentially execute arbitrary code with the rights of the user running
Dillo.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0012
Solution:
All Dillo users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/dillo-0.8.3-r4"
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.