Summary
The remote host is missing an update to lxr
announced via advisory DSA 264-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20264-1
Insight
Upstream developers of lxr, a general hypertext cross-referencing tool, have been alerted of a vulnerability that allows a remote attacker to read arbitrary files on the host system as user www-data.
This could disclose local files that were not meant to be shared with the public.
For the stable distribution (woody) this problem has been fixed in version 0.3-3.
The old stable distribution (potato) is not affected since it does not contain an lxr package.
For the unstable distribution (sid) this problem has been fixed in version 0.3-4.
We recommend that you upgrade your lxr package.
Severity
Classification
-
CVE CVE-2003-0156 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities