Detections
Analytics

GLSA-200404-19 : Buffer overflows and format string vulnerabilities in LCDproc

medium Nessus Plugin ID 14484

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200404-19 (Buffer overflows and format string vulnerabilities in LCDproc)

 Due to insufficient checking of client-supplied data, the LCDd server is susceptible to two buffer overflows and one string buffer vulnerability. If the server is configured to listen on all network interfaces (see the Bind parameter in LCDproc configuration), these vulnerabilities can be triggered remotely.
 Impact :

 These vulnerabilities allow an attacker to execute code with the rights of the user running the LCDproc server. By default, this is the 'nobody' user.
 Workaround :

 A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Solution

LCDproc users should upgrade to version 0.4.5 or later:
 # emerge sync # emerge -pv '>=app-misc/lcdproc-0.4.5' # emerge '>=app-misc/lcdproc-0.4.5'

See Also

http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html

https://security.gentoo.org/glsa/200404-19

Plugin Details

Severity: Medium

ID: 14484

File Name: gentoo_GLSA-200404-19.nasl

Version: 1.15

Type: local

Published: 8/30/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:lcdproc, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 4/27/2004

Vulnerability Publication Date: 4/12/2004

Reference Information

GLSA: 200404-19