This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200808-06
(libxslt: Execution of arbitrary code)
Chris Evans (Google Security) reported that the libexslt library that
is part of libxslt is affected by a heap-based buffer overflow in the
RC4 encryption/decryption functions.
A remote attacker could entice a user to process an XML file using a
specially crafted XSLT stylesheet in an application linked against
libxslt, possibly leading to the execution of arbitrary code with the
privileges of the user running the application.
There is no known workaround at this time.
See also :
All libxslt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/libxslt-1.1.24-r1'
Risk factor :
High / CVSS Base Score : 7.5
Family: Gentoo Local Security Checks
Nessus Plugin ID: 33836 (gentoo_GLSA-200808-06.nasl)
CVE ID: CVE-2008-2935