Summary
The remote host is missing updates announced in
advisory GLSA 200807-12.
Solution
Since BitchX is no longer maintained, we recommend that users unmerge the vulnerable package and switch to another IRC client:
# emerge --unmerge 'net-irc/bitchx'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200807-12 http://bugs.gentoo.org/show_bug.cgi?id=190667
Insight
Multiple vulnerabilities in BitchX may allow for the remote execution of arbitrary code or symlink attacks.
Severity
Classification
-
CVE CVE-2007-4584, CVE-2007-5839 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities