Debian Security Advisory DSA 1251-1 (netrik) Network Vulnerability

Summary

The remote host is missing an update to netrik announced via advisory DSA 1251-1. It has been discovered that netrik, a text mode WWW browser with vi like keybindings, doesn't properly sanitize temporary filenames when editing textareas which could allow attackers to execute arbitrary commands via shell metacharacters.

Solution

For the stable distribution (sarge), this problem has been fixed in version 1.15.4-1sarge1. For the upcoming stable distribution (etch) this problem has been fixed in version 1.15.3-1.1. For the unstable distribution (sid) this problem has been fixed in version 1.15.3-1.1. We recommend that you upgrade your netrik package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201251-1

Severity

Classification

CVE CVE-2006-6678
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 018-1 (tinyproxy)
Debian Security Advisory DSA 087-1 (wu-ftpd)
Debian Security Advisory DSA 053-1 (nedit)
Debian Security Advisory DSA 042-1 (gnuserv, xemacs21)
Debian Security Advisory DSA 1026-1 (sash)

Take action and discover your vulnerabilities