Summary
The remote host is missing an update to wml
announced via advisory DSA 1492-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201492-1
Insight
Frank Lichtenheld and Nico Golde discovered that WML, an off-line HTML generation toolkit, creates insecure temporary files in the eperl and ipp backends and in the wmg.cgi script, which could lead to local denial of service by overwriting files.
For the stable distribution (etch), these problems have been fixed in version 2.0.11-1etch1.
The old stable distribution (sarge) is not affected.
We recommend that you upgrade your wml packages.
Severity
Classification
-
CVE CVE-2008-0665, CVE-2008-0666 -
CVSS Base Score: 3.6
AV:L/AC:L/Au:N/C:N/I:P/A:P
Related Vulnerabilities