|Category:||Conectiva Local Security Checks|
|Title:||Conectiva Security Advisory CLA-2002:548|
|Summary:||Conectiva Security Advisory CLA-2002:548|
The remote host is missing updates announced in
Window Maker is a very popular window manager.
Al Viro reported a vulnerability in a function that is used when
Window Maker loads images. This function is used, for example, when a
new background image is configured, and when previewing themes.
This function calculates the amount of memory necessary to load the
image by doing a multiplication. It does not, however, check the
result of this multiplication, which could suffer an integer overflow
and not fit into the destination variable. Given a sufficiently large
height and/or width parameter, less memory than needed would be
allocated, which would result in a buffer overflow later on
when the image is actually loaded.
A possible scenario for this vulnerability could be that of an
attacker making a specially crafted image available and convincing an
unsuspecting user to set it as a background image.
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.
Risk factor : High
BugTraq ID: 6119
Common Vulnerability Exposure (CVE) ID: CVE-2002-1277
Debian Security Information: DSA-190
Conectiva Linux advisory: CLA-2002:548
|Copyright||Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com|