GLSA-200404-19 : Buffer overflows and format string vulnerabilities in LCDproc

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200404-19
(Buffer overflows and format string vulnerabilities in LCDproc)

Due to insufficient checking of client-supplied data, the LCDd server is
susceptible to two buffer overflows and one string buffer vulnerability. If
the server is configured to listen on all network interfaces (see the Bind
parameter in LCDproc configuration), these vulnerabilities can be triggered

Impact :

These vulnerabilities allow an attacker to execute code with the rights of
the user running the LCDproc server. By default, this is the 'nobody' user.

Workaround :

A workaround is not currently known for this issue. All users are advised
to upgrade to the latest version of the affected package.

See also :

Solution :

LCDproc users should upgrade to version 0.4.5 or later:
# emerge sync
# emerge -pv '>=app-misc/lcdproc-0.4.5'
# emerge '>=app-misc/lcdproc-0.4.5'

Risk factor :


Family: Gentoo Local Security Checks

Nessus Plugin ID: 14484 (gentoo_GLSA-200404-19.nasl)

Bugtraq ID: