GLSA-200505-08 : HT Editor: Multiple buffer overflows
Medium Nessus Plugin ID 18234
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200505-08 (HT Editor: Multiple buffer overflows)
Tavis Ormandy of the Gentoo Linux Security Team discovered an integer overflow in the ELF parser, leading to a heap-based buffer overflow.
The vendor has reported that an unrelated buffer overflow has been discovered in the PE parser.
Successful exploitation would require the victim to open a specially crafted file using HT, potentially permitting an attacker to execute arbitrary code.
There is no known workaround at this time.
SolutionAll hteditor users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-editors/hteditor-0.8.0-r2'