Debian Security Advisory DSA 2916-1 (libmms - Security Update) Network Vulnerability

Summary

Alex Chapman discovered that a buffer overflow in processing MMS over HTTP messages could result in the execution of arbitrary code.

Solution

For the oldstable distribution (squeeze), this problem has been fixed in version 0.6-1+squeeze2. For the stable distribution (wheezy), this problem has been fixed in version 0.6.2-3+deb7u1. For the unstable distribution (sid), this problem has been fixed in version 0.6.2-4. We recommend that you upgrade your libmms packages.

Affected

libmms on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-2916.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-2892

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 073-1 (imp)
Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-2.4,kernel-patch-2.4.19-mips)
Debian Security Advisory DSA 096-1 (mutt)
Debian Security Advisory DSA 032-1 (proftpd)
Debian Security Advisory DSA 1002-1 (webcalendar)

Debian Security Advisory DSA 2916-1 (libmms - security update)

Take action and discover your vulnerabilities