This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200412-20
(NASM: Buffer overflow vulnerability)
Jonathan Rockway discovered that NASM-0.98.38 has an unprotected
vsprintf() to an array in preproc.c. This code vulnerability may lead
to a buffer overflow and potential execution of arbitrary code.
A remote attacker could craft a malicious object file which, when
supplied in NASM, would result in the execution of arbitrary code with
the rights of the user running NASM.
There is no known workaround at this time.
See also :
All NASM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/nasm-0.98.38-r1'
Risk factor :