Executive Summary
| Summary | |
|---|---|
| Title | New hztty packages fix buffer overflows |
| Informations | |||
|---|---|---|---|
| Name | DSA-385 | First vendor Publication | 2003-09-18 |
| Vendor | Debian | Last vendor Modification | 2003-09-18 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Jens Steube reported a pair of buffer overflow vulnerabilities in hztty, a program to translate Chinese character encodings in a terminal session. These vulnerabilities could be exploited by a local attacker to gain root privileges on a system where hztty is installed. Additionally, hztty had been incorrectly installed setuid root, when it only requires the privileges of group utmp. This has also been corrected in this update. For the stable distribution (woody) this problem has been fixed in version 2.0-5.2woody1. For the unstable distribution (sid) this problem will befixed in version 2.0-6. We recommend that you update your hztty package. |
Original Source
| Url : http://www.debian.org/security/2003/dsa-385 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
ExploitDB Exploits
| id | Description |
|---|---|
| 2003-09-21 | hztty 2.0 Local root exploit (Tested on Red Hat 9.0) |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 385-1 (hztty) File : nvt/deb_385_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 7119 | hztty Multiple Local Overflows |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-385.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:32:54 |
|
