GLSA Bodhisattva
Joined: 25 Feb 2003 Posts: 3829 Location: Essen, Germany
Posted: Thu Jan 06, 2005 9:46 pm Post subject: [ GLSA 200501-10 ] Vilistextum: Buffer overflow vulnerabilit
Gentoo Linux Security Advisory
Title: Vilistextum: Buffer overflow vulnerability (GLSA 200501-10)
Severity: normal
Exploitable: remote
Date: January 06, 2005
Bug(s): #74694
ID: 200501-10
Synopsis
Vilistextum is vulnerable to a buffer overflow that allows an attacker to execute arbitrary code through the use of a malicious webpage.
Background
Vilistextum is an HTML to text converter.
Affected Packages
Package: app-text/vilistextum
Vulnerable: < 2.6.7
Unaffected: >= 2.6.7
Architectures: All supported architectures
Description
Ariel Berkman discovered that Vilistextum unsafely reads data into an array without checking the length. This code vulnerability may lead to a buffer overflow.
Impact
A remote attacker could craft a malicious webpage which, when converted, would result in the execution of arbitrary code with the rights of the user running Vilistextum.
Workaround
There is no known workaround at this time.
Resolution
All Vilistextum users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/vilistextum-2.6.7"
References
Original Advisory
CAN-2004-1299
Last edited by GLSA on Fri Apr 04, 2008 4:16 am; edited 5 times in total
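The Description above gives no code, so the following is an added illustration of the bug class it names (reading data into an array without checking the length), not Vilistextum's source. The attribute-value scenario, `ATTR_MAX`, and all function names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define ATTR_MAX 64 /* assumed buffer size, not taken from Vilistextum */

/* Unchecked pattern (for contrast, never called here): the loop ends only at
 * the closing quote, so a long value in the page writes past dst[ATTR_MAX-1]. */
void read_attr_unchecked(const char *src, char dst[ATTR_MAX]) {
    size_t i = 0;
    while (*src && *src != '"')
        dst[i++] = *src++;
    dst[i] = '\0';
}

/* Checked form: returns the value length, or -1 (with dst emptied) when the
 * value does not fit in dstsz bytes or the closing quote is missing. */
int read_attr_checked(const char *src, char *dst, size_t dstsz) {
    size_t i = 0;
    if (dstsz == 0) return -1;
    while (*src && *src != '"') {
        if (i + 1 >= dstsz) { /* keep one byte for the terminator */
            dst[0] = '\0';
            return -1;
        }
        dst[i++] = *src++;
    }
    if (*src != '"') { dst[0] = '\0'; return -1; }
    dst[i] = '\0';
    return (int)i;
}

/* Constructed input: n filler bytes followed by the closing quote. */
int check_len(size_t n) {
    char page[512], out[ATTR_MAX];
    if (n + 2 > sizeof page)
        return -2;
    memset(page, 'A', n);
    page[n] = '"';
    page[n + 1] = '\0';
    return read_attr_checked(page, out, sizeof out);
}

int main(void) {
    printf("63 bytes  -> %d\n", check_len(63));
    printf("64 bytes  -> %d\n", check_len(64));
    return 0;
}
```

Rejecting the oversized value outright, rather than silently truncating it, lets the caller decide whether to skip the element or abort the conversion.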