Debian Security Advisory DSA 221-1 (mhonarc) Network Vulnerability

Summary

The remote host is missing an update to mhonarc announced via advisory DSA 221-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20221-1

Insight

Earl Hood, author of mhonarc, a mail to HTML converter, discovered a cross site scripting vulnerability in this package. A specially crafted HTML mail message can introduce foreign scripting content in archives, by-passing MHonArc's HTML script filtering. For the current stable distribution (woody) this problem has been fixed in version 2.5.2-1.3. For the old stable distribution (potato) this problem has been fixed in version 2.4.4-1.3. For the unstable distribution (sid) this problem has been fixed in version 2.5.14-1. We recommend that you upgrade your mhonarc package.

Severity

Classification

CVE CVE-2002-1388

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Debian Security Advisory DSA 1023-1 (kaffeine)
Debian Security Advisory DSA 1112-1 (mysql-dfsg-4.1)
Debian Security Advisory DSA 006-1 (zope)
Debian Security Advisory DSA 1148-1 (gallery)
Debian Security Advisory DSA 1077-1 (lynx-ssl)

Take action and discover your vulnerabilities