Executive Summary
| Summary | |
|---|---|
| Title | New ht packages fix arbitrary code execution |
| Informations | |||
|---|---|---|---|
| Name | DSA-743 | First vendor Publication | 2005-07-08 |
| Vendor | Debian | Last vendor Modification | 2005-07-08 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5.1 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several problems have been discovered in ht, a viewer, editor and analyser for various executables, that may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-1545 Tavis Ormandy of the Gentoo Linux Security Team discovered an integer overflow in the ELF parser. CAN-2005-1546 The authors have discovered a buffer overflow in the PE parser. For the old stable distribution (woody) these problems have been fixed in version 0.5.0-1woody4. For the HP Precision architecture, you are advised not to use this package anymore since we cannot provide updated packages as it doesn't compile anymore. For the stable distribution (sarge) these problems have been fixed in version 0.8.0-2sarge4. For the unstable distribution (sid) these problems have been fixed in version ht_0.8.0-3. We recommend that you upgrade your ht package. |
Original Source
| Url : http://www.debian.org/security/2005/dsa-743 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200505-08 (hteditor) File : nvt/glsa_200505_08.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 743-1 (ht) File : nvt/deb_743_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 16352 | HT Editor PE Parser Overflow A local buffer overflow exists in HT Editor. The editor fails to perform proper bounds checking in the PE parser resulting in an overflow. By causing a user to open a specially crafted PE file, an attacker can cause execution of arbitrary code resulting in a loss of integrity. |
| 16351 | HT Editor ELF Parser Overflow A local integer overflow exists in HT Editor. The editor fails to perform proper input validation in the ELF parser resulting in a heap overflow. By causing a user to open a specially crafted ELF file, an attacker can cause execution of arbitrary code resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-773.nasl - Type : ACT_GATHER_INFO |
| 2005-07-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-743.nasl - Type : ACT_GATHER_INFO |
| 2005-05-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200505-08.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:34:06 |
|
