Summary
The remote host is missing updates announced in
advisory GLSA 200410-08.
Solution
All ncompress users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=app-arch/ncompress-4.2.4-r1'
# emerge '>=app-arch/ncompress-4.2.4-r1'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200410-08 http://bugs.gentoo.org/show_bug.cgi?id=66251
http://www.kb.cert.org/vuls/id/176363
Insight
compress and uncompress, which could be used by daemon programs, contain a buffer overflow that could lead to remote execution of arbitrary code with the rights of the daemon process.
Severity
Classification
-
CVE CVE-2001-1413 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities