Nessus Plugin #17274
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[GLSA-200503-08] OpenMotif, LessTif: New libXpm buffer overflows
- Family:
- Gentoo Local Security Checks
- Category:
- infos
- Copyright:
- (C) 2005 Michel Arboi
- Summary:
- OpenMotif, LessTif: New libXpm buffer overflows
- Version:
- $Revision: 1.1 $
- Cve_id:
- CAN-2005-0605
- Bugtraq_id:
- -
- Xrefs:
- GLSA:200503-08
- Description:
- The remote host is affected by the vulnerability described in GLSA-200503-08
(OpenMotif, LessTif: New libXpm buffer overflows)
Chris Gilbert discovered potentially exploitable buffer overflow
cases in libXpm that weren't fixed in previous libXpm security
advisories.
Impact
A carefully-crafted XPM file could crash applications making use
of the OpenMotif or LessTif toolkits, potentially allowing the
execution of arbitrary code with the privileges of the user running the
application.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605
Solution:
All OpenMotif users should upgrade to an unaffected version:
# emerge --sync
# emerge --ask --oneshot --verbose x11-libs/openmotif
All LessTif users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/lesstif-0.94.0-r2"
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.