Summary
The remote host is missing an update to albatross
announced via advisory DSA 942-1.
A design error has been discovered in the Albatross web application toolkit that causes user supplied data to be used as part of template execution and hence arbitrary code execution.
The old stable distribution (woody) does not contain albatross packages.
Solution
For the stable distribution (sarge) this problem has been fixed in version 1.20-2.
For the unstable distribution (sid) this problem has been fixed in version 1.33-1.
We recommend that you upgrade your albatross package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20942-1
Severity
Classification
-
CVE CVE-2006-0044 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities