Debian Security Advisory DSA 309-1 (eterm) Network Vulnerability

Summary

The remote host is missing an update to eterm announced via advisory DSA 309-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20309-1

Insight

'bazarr' discovered that eterm is vulnerable to a buffer overflow of the ETERMPATH environment variable. This bug can be exploited to gain the privileges of the group 'utmp' on a system where eterm is installed. For the stable distribution (woody), this problem has been fixed in version 0.9.2-0pre2002042903.1. The old stable distribution (potato) is not affected by this bug. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you update your eterm package.

Severity

Classification

CVE CVE-2003-0382

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1055-1 (mozilla-firefox)
Debian Security Advisory DSA 1111-2 (kernel-source-2.6.8 et. al.)
Debian Security Advisory DSA 1066-1 (phpbb2)
Debian Security Advisory DSA 109-1 (faqomatic)
Debian Security Advisory DSA 1023-1 (kaffeine)

Take action and discover your vulnerabilities