Executive Summary
| Summary | |
|---|---|
| Title | New hf packages fix execution of arbitrary code |
| Informations | |||
|---|---|---|---|
| Name | DSA-1668 | First vendor Publication | 2008-11-22 |
| Vendor | Debian | Last vendor Modification | 2008-11-22 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Steve Kemp discovered that hf, an amateur-radio protocol suite using a soundcard as a modem, insecurely tried to execute an external command which could lead to the elevation of privileges for local users. For the stable distribution (etch), this problem has been fixed in version 0.7.3-4etch1. For the unstable distribution (sid), this problem has been fixed in version 0.8-8.1. We recommend that you upgrade your hf package. |
Original Source
| Url : http://www.debian.org/security/2008/dsa-1668 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:18272 | |||
| Oval ID: | oval:org.mitre.oval:def:18272 | ||
| Title: | DSA-1668-1 hf - execution of arbitrary code | ||
| Description: | Steve Kemp discovered that hf, an amateur-radio protocol suite using a soundcard as a modem, insecurely tried to execute an external command which could lead to the elevation of privileges for local users. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1668-1 CVE-2008-2378 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | hf |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7429 | |||
| Oval ID: | oval:org.mitre.oval:def:7429 | ||
| Title: | DSA-1668 hf -- programming error | ||
| Description: | Steve Kemp discovered that hf, an amateur-radio protocol suite using a soundcard as a modem, insecurely tried to execute an external command which could lead to the elevation of privileges for local users. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1668 CVE-2008-2378 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | hf |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-11-24 | Name : Debian Security Advisory DSA 1668-1 (hf) File : nvt/deb_1668_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 50231 | hf hfkernel killall Argument Handling Local Privilege Escalation |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2008-11-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1668.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:27:59 |
|
