GLSA-200805-07 : Linux Terminal Server Project: Multiple vulnerabilities

high Nessus Plugin ID 32209

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200805-07 (Linux Terminal Server Project: Multiple vulnerabilities)

LTSP version 4.2, ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA 200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA 200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30) which were subject to multiple security vulnerabilities since 2006.
Please note that the given list of vulnerabilities might not be exhaustive.
Impact :

A remote attacker could possibly exploit vulnerabilities in the aforementioned programs and execute arbitrary code, disclose sensitive data or cause a Denial of Service within LTSP 4.2 clients.
Workaround :

There is no known workaround at this time.

Solution

LTSP 4.2 is not maintained upstream in favor of version 5. Since version 5 is not yet available in Gentoo, the package has been masked.
We recommend that users unmerge LTSP:
# emerge --unmerge net-misc/ltsp If you have a requirement for Linux Terminal Servers, please either set up a terminal server by hand or use one of the distributions that already migrated to LTSP 5. If you want to contribute to the integration of LTSP 5 in Gentoo, or want to follow its development, find details in bug 177580.

See Also

https://security.gentoo.org/glsa/200705-02

https://security.gentoo.org/glsa/200705-06

https://security.gentoo.org/glsa/200705-22

https://security.gentoo.org/glsa/200705-24

https://security.gentoo.org/glsa/200710-06

https://security.gentoo.org/glsa/200710-16

https://security.gentoo.org/glsa/200710-30

https://security.gentoo.org/glsa/200711-08

https://security.gentoo.org/glsa/200801-09

https://bugs.gentoo.org/show_bug.cgi?id=177580

https://security.gentoo.org/glsa/200805-07

Plugin Details

Severity: High

ID: 32209

File Name: gentoo_GLSA-200805-07.nasl

Version: 1.23

Type: local

Published: 5/11/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:ltsp, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Ease: No known exploits are available

Patch Publication Date: 5/9/2008

Reference Information

BID: 23283, 23300, 24074

GLSA: 200805-07