Debian Security Advisory DSA 1440-1 (inotify-tools) Network Vulnerability

Summary

The remote host is missing an update to inotify-tools announced via advisory DSA 1440-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201440-1

Insight

It was discovered that a buffer overflow in the filename processing of the inotify-tools, a command-line interface to inotify, may lead to the execution of arbitrary code. This only affects the internal library and none of the frontend tools shipped in Debian. For the stable distribution (etch), this problem has been fixed in version 3.3-2. The old stable distribution (sarge) does not provide inotify-tools. For the unstable distribution (sid), this problem has been fixed in version 3.11-1. We recommend that you upgrade your inotify-tools package.

Severity

Classification

CVE CVE-2007-5037
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1099-1 (horde2)
Debian Security Advisory DSA 1090-1 (spamassassin)
Debian Security Advisory DSA 068-1 (openldap)
Debian Security Advisory DSA 1032-1 (zope-cmfplone)
Debian Security Advisory DSA 020-1 (php4)

Take action and discover your vulnerabilities