Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.55888
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 901-1 (gnump3d)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to gnump3d
announced via advisory DSA 901-1.

Several vulnerabilities have been discovered in gnump3d, a streaming
server for MP3 and OGG files. The Common Vulnerabilities and
Exposures Project identifies the following problems:

CVE-2005-3349

Ludwig Nussel discovered several temporary files that are created
with predictable filenames in an insecure fashion and allows local
attackers to craft symlink attacks.

CVE-2005-3355

Ludwig Nussel discovered that the theme parameter to HTTP
requests may be used for path traversal.

The old stable distribution (woody) does not contain a gnump3d package.

For the stable distribution (sarge) these problems have been fixed in
version 2.9.3-1sarge3.

For the unstable distribution (sid) these problems have been fixed in
version 2.9.8-1.

We recommend that you upgrade your gnump3 package.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20901-1

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-3349
BugTraq ID: 15497
http://www.securityfocus.com/bid/15497
Debian Security Information: DSA-901 (Google Search)
http://www.debian.org/security/2005/dsa-901
http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml
http://www.gnu.org/software/gnump3d/attacks.html#temporary-files
http://secunia.com/advisories/17646
http://secunia.com/advisories/17647
http://secunia.com/advisories/17656
SuSE Security Announcement: SUSE-SR:2005:028 (Google Search)
http://www.novell.com/linux/security/advisories/2005_28_sr.html
http://www.vupen.com/english/advisories/2005/2489
Common Vulnerability Exposure (CVE) ID: CVE-2005-3355
BugTraq ID: 15496
http://www.securityfocus.com/bid/15496
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.