Summary
The remote host is missing an update to ajaxterm
announced via advisory DSA 1994-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201994-1
Insight
It was discovered that ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses ajaxterm.
For the oldstable distribution (etch), the problem has been fixed in version 0.9-2+etch1.
For the stable distribution (lenny), the problem has been fixed in version 0.10-2+lenny1.
For the unstable distribution (sid), the problem has been fixed in version 0.10-5.
We recommend that you upgrade your ajaxterm package.
Severity
Classification
-
CVE CVE-2009-1629 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities