GLSA-201311-12 : Open DC Hub: Arbitrary code execution
Medium Nessus Plugin ID 70996
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201311-12 (Open DC Hub: Arbitrary code execution).
A stack-based buffer overflow flaw has been discovered in the way Open DC Hub sanitized content of a user’s MyINFO message.
A remote authenticated user may be able to execute arbitrary code or cause a Denial of Service condition via a specially crafted MyINFO message.
There is no known workaround at this time.
Solution
All Open DC Hub users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-p2p/opendchub-0.8.2'