Executive Summary
| Summary | |
|---|---|
| Title | New eterm packages fix error introduced in DSA-309-1 |
| Informations | |||
|---|---|---|---|
| Name | DSA-309 | First vendor Publication | 2003-06-06 |
| Vendor | Debian | Last vendor Modification | 2003-06-06 |
| Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.6 | Attack Range | Local |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A buffer overflow was fixed in DSA-309-1, but a different error was introduced in the handling of the ETERMPATH environment variable. This bug was not security-related, but would cause this environment variable not to be recognized correctly. This is now corrected by an updated version of the package. For the stable distribution (woody), this problem has been fixed in version 0.9.2-0pre2002042903.2. The old stable distribution (potato) is not affected by this bug. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you update your eterm package. |
Original Source
| Url : http://www.debian.org/security/2003/dsa-309 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 | |
| Os | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 309-1 (eterm) File : nvt/deb_309_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 8157 | Eterm ETERMPATH Variable Local Overflow A local overflow exists in Eterm. The Eterm fails to validate the ETERMPATH variable, resulting in a buffer overflow. By sending a overly long string to the ETERMPATH variable, a local attacker can cause a buffer overflow and gain elevated privileges of the group "utmp" on the system, resulting in a loss of confidentiality and integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-309.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:32:38 |
|
