Fedora 9 : ed-1.1-1.fc9 (2008-9263)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

ed is a line-oriented text editor, used to create, display, and modify
text files (both interactively and via shell scripts). A heap-based
buffer overflow was discovered in the way ed, the GNU line editor,
processed long file names. An attacker could create a file with a
specially crafted name that could possibly execute an arbitrary code
when opened in the ed editor. (CVE-2008-3916) Users of ed should
upgrade to this updated package, which contains a backported patch to
resolve this issue.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=466094
https://bugzilla.redhat.com/show_bug.cgi?id=466095
http://www.nessus.org/u?d1c15960

Solution :

Update the affected ed package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 34676 (fedora_2008-9263.nasl)

Bugtraq ID: 30815

CVE ID: CVE-2008-3916

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now