Nessus Plugin #16411

Plugin Index

Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.

[GLSA-200501-20] o3read: Buffer overflow during file conversion

Family:
Gentoo Local Security Checks
Category:
infos
Copyright:
(C) 2005 Michel Arboi
Summary:
o3read: Buffer overflow during file conversion
Version:
$Revision: 1.1 $
Cve_id:
CAN-2004-1288
Bugtraq_id:
-
Xrefs:
GLSA:200501-20
Description:
The remote host is affected by the vulnerability described in GLSA-200501-20
(o3read: Buffer overflow during file conversion)


Wiktor Kopec discovered that the parse_html function in o3read.c
copies any number of bytes into a 1024-byte t[] array.

Impact

Using a specially crafted file, possibly delivered by e-mail or
over the Web, an attacker may execute arbitrary code with the
permissions of the user running o3read.

Workaround

There is no known workaround at this time.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1288
http://tigger.uic.edu/~jlongs2/holes/o3read.txt


Solution:
All o3read users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/o3read-0.0.4"


Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.