GLSA-200404-19 : Buffer overflows and format string vulnerabilities in LCDproc

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200404-19
(Buffer overflows and format string vulnerabilities in LCDproc)

Due to insufficient checking of client-supplied data, the LCDd server is
susceptible to two buffer overflows and one string buffer vulnerability. If
the server is configured to listen on all network interfaces (see the Bind
parameter in LCDproc configuration), these vulnerabilities can be triggered
remotely.

Impact :

These vulnerabilities allow an attacker to execute code with the rights of
the user running the LCDproc server. By default, this is the 'nobody' user.

Workaround :

A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.

See also :

http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html
http://www.gentoo.org/security/en/glsa/glsa-200404-19.xml

Solution :

LCDproc users should upgrade to version 0.4.5 or later:
# emerge sync
# emerge -pv '>=app-misc/lcdproc-0.4.5'
# emerge '>=app-misc/lcdproc-0.4.5'

Risk factor :

Medium

Family: Gentoo Local Security Checks

Nessus Plugin ID: 14484 (gentoo_GLSA-200404-19.nasl)

Bugtraq ID:

CVE ID: