Executive Summary
Summary | |
---|---|
Title | New gps packages fix multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-307 | First vendor Publication | 2003-05-27 |
Vendor | Debian | Last vendor Modification | 2003-05-27 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
gPS is a graphical application to watch system processes. In release 1.1.0 of the gps package, several security vulnerabilities were fixed, as detailed in the changelog: * bug fix on rgpsp connection source acceptation policy (it was allowing any host to connect even when the /etc/rgpsp.conf file told otherwise) It is working now, but on any real ("production") network I suggest you use IP filtering to enforce the policy (like ipchains or iptables) * Several possibilities of buffer overflows have been fixed. Thanks to Stanislav Ievlev from ALT-Linux for pointing a lot of them. * fixed misformatting of command line parameters in rgpsp protocol (command lines with newlines would break the protocol) * fixed buffer overflow bug that caused rgpsp to SIGSEGV when stating processes with large command lines (>128 chars) [Linux only] All of these problems affect Debian's gps package version 0.9.4-1 in Debian woody. Debian potato also contains a gps package (version 0.4.1-2), but it is not affected by these problems, as the relevant functionality is not implemented in that version. For the stable distribution (woody) these problems have been fixed in version 0.9.4-1woody1. The old stable distribution (potato) is not affected by these problems. For the unstable distribution (sid) these problems are fixed in version 1.1.0-1. We recommend that you update your gps package. |
Original Source
Url : http://www.debian.org/security/2003/dsa-307 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 307-1 (ircii-pana) File : nvt/deb_307_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
12011 | gPS Connection Source Acceptance Policy Failure |
12010 | gPS Multiple Unspecified Overflows |
12009 | gPS Command Line Overflow DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-307.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:32:38 |
|