Gentoo Security Advisory GLSA 200311-03 (HylaFAX) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200311-03.

Solution

Users are encouraged to perform an 'emerge sync' and upgrade the package to the latest available version. Vulnerable versions of hylafax have been removed from portage. Specific steps to upgrade: # emerge sync # emerge -pv '>=net-misc/hylafax-4.1.8' # emerge '>=net-misc/hylafax-4.1.8' # emerge clean http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200311-03 http://bugs.gentoo.org/show_bug.cgi?id=33368 http://www.novell.com/linux/security/advisories/2003_045_hylafax.html

Insight

A format bug condition allows a remote attacjer to execute arbitrary code as the root user.

Severity

Classification

CVE CVE-2003-0886
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200404-21 (samba)
Gentoo Security Advisory GLSA 200406-14 (aspell)
Gentoo Security Advisory GLSA 200408-20 (Qt)
Gentoo Security Advisory GLSA 200405-22 (Apache)
Gentoo Security Advisory GLSA 200406-21 (mit-krb5)

Take action and discover your vulnerabilities