Gentoo Security Advisory GLSA 201101-07 (Prewikka) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 201101-07.

Solution

All Prewikka users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-analyzer/prewikka-0.9.14-r2' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201101-07 http://bugs.gentoo.org/show_bug.cgi?id=270056

Insight

Due to a world-readable file, a local attacker can obtain the SQL database password used by Prewikka.

Severity

Classification

CVE CVE-2010-2058
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Gentoo Security Advisory GLSA 200604-09 (cyrus-sasl)
Gentoo Security Advisory GLSA 200407-20 (subversion)
Gentoo Security Advisory GLSA 200603-15 (crypt-cbc)
Gentoo Security Advisory GLSA 200408-16 (glibc)
Gentoo Security Advisory GLSA 200904-12 (wicd)

Take action and discover your vulnerabilities