Summary
The remote host is missing an update to unicon-imc2 announced via advisory DSA 1328-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201328-1
Insight
Steve Kemp from the Debian Security Audit project discovered that unicon-imc2, a Chinese input method library, makes unsafe use of an environmental variable, which may be exploited to execute arbitary code.
For the stable distribution (etch) this problem has been fixed in version 3.0.4-11etch1.
For the unstable distribution (sid) this problem will be fixed shortly.
We recommend that you upgrade your unicon-imc2 package.
Severity
Classification
-
CVE CVE-2007-2835 -
CVSS Base Score: 6.8
AV:L/AC:L/Au:S/C:C/I:C/A:C
Related Vulnerabilities