Executive Summary
Summary | |
---|---|
Title | New hf packages fix execution of arbitrary code |
Informations | |||
---|---|---|---|
Name | DSA-1668 | First vendor Publication | 2008-11-22 |
Vendor | Debian | Last vendor Modification | 2008-11-22 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Steve Kemp discovered that hf, an amateur-radio protocol suite using a soundcard as a modem, insecurely tried to execute an external command which could lead to the elevation of privileges for local users. For the stable distribution (etch), this problem has been fixed in version 0.7.3-4etch1. For the unstable distribution (sid), this problem has been fixed in version 0.8-8.1. We recommend that you upgrade your hf package. |
Original Source
Url : http://www.debian.org/security/2008/dsa-1668 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18272 | |||
Oval ID: | oval:org.mitre.oval:def:18272 | ||
Title: | DSA-1668-1 hf - execution of arbitrary code | ||
Description: | Steve Kemp discovered that hf, an amateur-radio protocol suite using a soundcard as a modem, insecurely tried to execute an external command which could lead to the elevation of privileges for local users. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1668-1 CVE-2008-2378 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | hf |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7429 | |||
Oval ID: | oval:org.mitre.oval:def:7429 | ||
Title: | DSA-1668 hf -- programming error | ||
Description: | Steve Kemp discovered that hf, an amateur-radio protocol suite using a soundcard as a modem, insecurely tried to execute an external command which could lead to the elevation of privileges for local users. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1668 CVE-2008-2378 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | hf |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2008-11-24 | Name : Debian Security Advisory DSA 1668-1 (hf) File : nvt/deb_1668_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50231 | hf hfkernel killall Argument Handling Local Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-11-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1668.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:27:59 |
|