The remote host is missing an update to gnump3d announced via advisory DSA 901-1. Several vulnerabilities have been discovered in gnump3d, a streaming server for MP3 and OGG files. The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2005-3349 Ludwig Nussel discovered several temporary files that are created with predictable filenames in an insecure fashion and allows local attackers to craft symlink attacks. CVE-2005-3355 Ludwig Nussel discovered that the theme parameter to HTTP requests may be used for path traversal. The old stable distribution (woody) does not contain a gnump3d package.

For the stable distribution (sarge) these problems have been fixed in version 2.9.3-1sarge3. For the unstable distribution (sid) these problems have been fixed in version 2.9.8-1. We recommend that you upgrade your gnump3 package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20901-1