Debian Security Advisory DSA 345-1 (xbl) Network Vulnerability

Summary

The remote host is missing an update to xbl announced via advisory DSA 345-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20345-1

Insight

Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CVE-2003-0451), involving the -display command line option. This vulnerability could be exploited by a local attacker to gain gid 'games'. For the stable distribution (woody) this problem has been fixed in version 1.0k-3woody2. For the unstable distribution (sid) this problem is fixed in version 1.0k-6. We recommend that you update your xbl package.

Severity

Classification

CVE CVE-2003-0451, CVE-2003-0535

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1029-1 (libphp-adodb)
Debian Security Advisory DSA 079-2 (uucp)
Debian Security Advisory DSA 073-1 (imp)
Debian Security Advisory DSA 1009-1 (crossfire)
Debian Security Advisory DSA 018-1 (tinyproxy)

Take action and discover your vulnerabilities