Summary
The remote host is missing an update to super
announced via advisory DSA 139-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20139-1
Insight
GOBBLES found an insecure use of format strings in the super package.
The included program super is intended to provide access to certain system users for particular users and programs, similar to the program super. Exploiting this format string vulnerability a local user can gain unauthorized root accesss.
This problem has been fixed in version 3.12.2-2.1 for the old stable distribution (potato), in version 3.16.1-1.1 for the current stable distribution (woody) and in version 3.18.0-3 for the unstable distribution (sid).
We recommend that you upgrade your super package immediately.
Severity
Classification
-
CVE CVE-2002-0817 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities