Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200503-13] mlterm: Integer overflow vulnerability

Vulnerability Assessment Details

[GLSA-200503-13] mlterm: Integer overflow vulnerability
Vulnerability Assessment Summary
mlterm: Integer overflow vulnerability

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200503-13
(mlterm: Integer overflow vulnerability)


mlterm is vulnerable to an integer overflow that can be triggered
by specifying a large image file as a background. This only effects
users that have compiled mlterm with the 'gtk' USE flag, which enables
gdk-pixbuf support.

Impact

A possible hacker can create a specially-crafted image file which, when
used as a background by the victim, can lead to the execution of
arbitrary code with the rights of the user running mlterm.

Workaround

Re-compile mlterm without the 'gtk' USE flag.

References:
https://sourceforge.net/project/shownotes.php?release_id=310416


Solution:
All mlterm users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/mlterm-2.9.2"


Network Security Threat Level: Medium


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi
Cables, Connectors


Cisco Catalyst 3650 48-Port Managed PoE+ Gigabit Switch WS-C3650-48FS-E picture

Cisco Catalyst 3650 48-Port Managed PoE+ Gigabit Switch WS-C3650-48FS-E

$55.99


Cisco Catalyst 48-Port Manage Gigabit Switch w/ 2x 10G SFP+ WS-C2960S-48FPD-L picture

Cisco Catalyst 48-Port Manage Gigabit Switch w/ 2x 10G SFP+ WS-C2960S-48FPD-L

$59.99


8 Ports Unmanaged Industrial Ethernet Switch Network Gigabit Ethernet Switch picture

8 Ports Unmanaged Industrial Ethernet Switch Network Gigabit Ethernet Switch

$76.50


Cisco Meraki MS120-48LP 48 Port Blade Ethernet Switch UNCLAIMED picture

Cisco Meraki MS120-48LP 48 Port Blade Ethernet Switch UNCLAIMED

$799.00


HP 2530-48G 48 Port Gigabit Ethernet Network Switch J9775A picture

HP 2530-48G 48 Port Gigabit Ethernet Network Switch J9775A

$30.95


New Linksys SE3005 5-port Gigabit Ethernet Switch picture

New Linksys SE3005 5-port Gigabit Ethernet Switch

$18.99


New 10/100 Mbps 8 Ports Fast Ethernet LAN Desktop RJ45 Network Switch Hub picture

New 10/100 Mbps 8 Ports Fast Ethernet LAN Desktop RJ45 Network Switch Hub

$11.49


HP ProCurve 2530-24G J9776A 24 Port Gigabit Ethernet Managed Network Switch picture

HP ProCurve 2530-24G J9776A 24 Port Gigabit Ethernet Managed Network Switch

$34.99


Juniper Networks EX3300-48P 48-Port PoE+ 4x SFP+ Network Switch w/ Power Cord picture

Juniper Networks EX3300-48P 48-Port PoE+ 4x SFP+ Network Switch w/ Power Cord

$43.95


HP Aruba 2530-8G-PoE+ 8x PoE+ RJ45 2x SFP Gigabit Switch J9774A No AC Adapter picture

HP Aruba 2530-8G-PoE+ 8x PoE+ RJ45 2x SFP Gigabit Switch J9774A No AC Adapter

$37.99


Discussions

No Discussions have been posted on this vulnerability.