Summary
The remote host is missing an update to fuzz
announced via advisory DSA 302-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20302-1
Insight
Joey Hess discovered that fuzz, a software stress-testing tool, creates a temporary file without taking appropriate security precautions. This bug could allow an attacker to gain the privileges of the user invoking fuzz, excluding root (fuzz does not allow itself to be invoked as root).
For the stable distribution (woody) this problem has been fixed in version 0.6-6woody1.
The old stable distribution (potato) does not contain a fuzz package.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you update your fuzz package.
Severity
Classification
-
CVE CVE-2003-0261 -
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities