Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA108] DSA-108-1 wmtv


Vulnerability Assessment Details

[DSA108] DSA-108-1 wmtv

Vulnerability Assessment Summary
DSA-108-1 wmtv

Detailed Explanation for this Vulnerability Assessment

Nicolas Boullis found some security problems in the wmtv package (a
dockable video4linux TV player for windowmaker) which is distributed
in Debian GNU/Linux 2.2. With the current version of wmtv, the
configuration file is written back as the superuser, and without any
further checks. A malicious user might use that to damage important
files.
This problem has been fixed in version 0.6.5-2potato2 for the stable
distribution by dropping rights as soon as possible and only
regaining them where required. In the current testing/unstable
distribution this problem has been fixed in version 0.6.5-9 and above
by not requiring rights anymore. Both contain fixes for two
potential buffer overflows as well.
We recommend that you upgrade your wmtv packages immediately.


Solution : http://www.debian.org/security/2002/dsa-108
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is (C) 2005 Michel Arboi

Cables, Connectors

Intel Core i5-2500K 3.3GHz Quad-Core (BX80623I52500K) Processor
$35.04
Intel Core i5-2500K 3.3GHz Quad-Core (BX80623I52500K) Processor pictureP4Dual- 915GL Micro ATX motherboard+CPU 3,8Ghz
$22.0
P4Dual- 915GL  Micro ATX motherboard+CPU 3,8Ghz pictureIntel Xeon E5 2623 V4 ES QK3R SR2PJ 2.6Ghz 4Core 10MB 14nm 85W LGA2011-3 CPU
$107.99
Intel Xeon E5 2623 V4 ES QK3R SR2PJ 2.6Ghz  4Core 10MB 14nm 85W LGA2011-3 CPU pictureAMD Athlon II X2 ADXB280CK23GM 3.4 GHz Socket AM2+/AM3 CPU Processor
$16.19
AMD Athlon II X2 ADXB280CK23GM 3.4 GHz Socket AM2+/AM3 CPU  Processor picture


Discussions

No Discussions have been posted on this vulnerability.