Mandrake Linux Security Advisory : xloadimage (MDKSA-2001:073-1)

High Nessus Plugin ID 13888

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A buffer overflow exists in xli due to missing boundary checks. This could be triggered by an external attacker to execute commands on the victim's machine. An exploit is publicly available. xli is an image viewer that is used by Netscape's plugger to display TIFF, PNG, and Sun-Raster images.

Update :

The xloadimage package uses the same code as xli and is likewise vulnerable. An update is provided for xloadimage, which was only provided with Linux-Mandrake 7.2.

Solution

Update the affected xli and/or xloadimage packages.

Plugin Details

Severity: High

ID: 13888

File Name: mandrake_MDKSA-2001-073.nasl

Version: $Revision: 1.16 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:xli, p-cpe:/a:mandriva:linux:xloadimage, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2001/09/12

Reference Information

CVE: CVE-2001-0775

MDKSA: 2001:073-1