| |||||||||||||
| Test ID: | 1.3.6.1.4.1.25623.1.0.53146 |
| Category: | Debian Local Security Checks |
| Title: | Debian Security Advisory DSA 446-1 (synaesthesia) |
| Summary: | Debian Security Advisory DSA 446-1 (synaesthesia) |
| Description: | The remote host is missing an update to synaesthesia announced via advisory DSA 446-1. During an audit, Ulf Harnhammar discovered a vulnerability in synaesthesia, a program which represents sounds visually. synaesthesia created its configuration file while holding root privileges, allowing a local user to create files owned by root and writable by the user's primary group. This type of vulnerability can usually be easily exploited to execute arbitary code with root privileges by various means. For the current stable distribution (woody) this problem has been fixed in version 2.1-2.1woody1. The unstable distribution (sid) is not affected by this problem, because synaesthesia is no longer setuid. We recommend that you update your synaesthesia package. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%20446-1 |
| Cross-Ref: |
BugTraq ID: 9713 Common Vulnerability Exposure (CVE) ID: CVE-2004-0160 Debian Security Information: DSA-446 (Google Search) http://www.debian.org/security/2004/dsa-446 XForce ISS Database: synaesthesia-configuration-symlink-attack(15279) http://xforce.iss.net/xforce/xfdb/15279 http://www.securityfocus.com/bid/9713 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |
|
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois
© 1998-2013 E-Soft Inc. All rights reserved.