GLSA
Bodhisattva
Joined: 25 Feb 2003
Posts: 3829
Location: Essen, Germany
|
 Posted: Tue Jan 11, 2005 8:34 am Post subject: [ GLSA 200501-15 ] UnRTF: Buffer overflow |
 |
|
Gentoo Linux Security Advisory
Title: UnRTF: Buffer overflow (GLSA 200501-15)
Severity: normal
Exploitable: remote
Date: January 10, 2005
Bug(s): #74480
ID: 200501-15
Synopsis
A buffer overflow in UnRTF allows an attacker to execute arbitrary code by
way of a specially crafted RTF file.
Background
UnRTF is a utility to convert files in the Rich Text Format into
other formats.
Affected Packages
Package: app-text/unrtf
Vulnerable: < 0.19.3-r1
Unaffected: >= 0.19.3-r1
Architectures: All supported architectures
Description
An unchecked strcat() in unrtf may overflow the bounds of a static
buffer.
Impact
Using a specially crafted file, possibly delivered by e-mail or
over the web, an attacker may execute arbitrary code with the
permissions of the user running UnRTF.
Workaround
There is no known workaround at this time.
Resolution
All unrtf users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/unrtf-0.19.3-r1" |
References
Original Announcement
Last edited by GLSA on Sat May 31, 2014 4:18 am; edited 5 times in total |
|
News & Announcements
