Mandrake Linux Security Advisory : xloadimage (MDKSA-2001:073-1)

high Nessus Plugin ID 13888

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A buffer overflow exists in xli due to missing boundary checks. An external attacker could trigger it to execute commands on the victim's machine. An exploit is publicly available. xli is an image viewer that is used by Netscape's plugger to display TIFF, PNG, and Sun-Raster images.

Update :

The xloadimage package uses the same code as xli and is likewise vulnerable. An update is provided for xloadimage, which was included only with Linux-Mandrake 7.2.

Solution

Update the affected xli and / or xloadimage packages.

Plugin Details

Severity: High

ID: 13888

File Name: mandrake_MDKSA-2001-073.nasl

Version: 1.19

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:xli, p-cpe:/a:mandriva:linux:xloadimage, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 9/12/2001

Reference Information

CVE: CVE-2001-0775

MDKSA: 2001:073-1