Debian Security Advisory DSA 1251-1 (netrik) Network Vulnerability

Summary

The remote host is missing an update to netrik announced via advisory DSA 1251-1. It has been discovered that netrik, a text mode WWW browser with vi like keybindings, doesn't properly sanitize temporary filenames when editing textareas which could allow attackers to execute arbitrary commands via shell metacharacters.

Solution

For the stable distribution (sarge), this problem has been fixed in version 1.15.4-1sarge1. For the upcoming stable distribution (etch) this problem has been fixed in version 1.15.3-1.1. For the unstable distribution (sid) this problem has been fixed in version 1.15.3-1.1. We recommend that you upgrade your netrik package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201251-1

Severity

Classification

CVE CVE-2006-6678

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1043-1 (abcmidi)
Debian Security Advisory DSA 1021-1 (netpbm-free)
Debian Security Advisory DSA 047-1 (various kernel packages)
Debian Security Advisory DSA 1004-1 (vlc)
Debian Security Advisory DSA 1045-1 (openvpn)

Take action and discover your vulnerabilities