
[linux-security] xloadimage/netscape vulnerability



Topic
=====
xloadimage contains a buffer overflow that can be exploited in connection
with Netscape.

Problem Description
===================
xloadimage contains a buffer overflow in the faces reader. This is normally
not a security problem; however, xloadimage is called by the 'plugger'
program from inside Netscape to handle some image types. Hence, a remote
site could cause arbitrary code to be executed as the user running Netscape.
It is recommended that users of Netscape and plugger update to the fixed
xloadimage packages.

Affected Systems
================
Linux systems that use xloadimage in connection with Netscape and the
'plugger' program (I am not sure whether this affects RedHat only, please
check your installation), e.g., RedHat 7.x.

Not Affected
============
For RedHat 6.2, plugger was shipped in RedHat Powertools 6.2; if you have
only installed packages from RedHat Linux 6.2, you are not vulnerable
to this exploit (though updating xloadimage cannot hurt).

Solution
========

RedHat 6.2
----------
rpm -Fvh xloadimage-4.1-19.6.i386.rpm

RedHat 7.x
----------
rpm -Fvh xloadimage-4.1-20.i386.rpm
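
The exposure condition above (plugger installed together with an xloadimage older than the fixed build) can be checked per host. The script below is an added example, not part of the original advisory; the package name "plugger", the function names, and the sample package list are assumptions or constructed values, and the version comparison is a simplified dotted-numeric one, not RPM's own algorithm.

```shell
#!/bin/sh
# Input format: one "NAME VERSION RELEASE" line per package, e.g. from
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'

# ver_lt A B: succeed if dotted-numeric string A is lower than B.
# Simplified comparison (numeric components only), not full rpmvercmp.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# classify FIXED_RELEASE: read the package list on stdin and print
#   EXPOSED   xloadimage older than the fix and plugger installed
#   OUTDATED  xloadimage older than the fix, plugger not installed
#   OK        xloadimage at or above the fix, or not installed
# FIXED_RELEASE is 19.6 for RedHat 6.2 and 20 for RedHat 7.x (from the advisory).
classify() {
    fixed_rel=$1 plug=no old=no
    while read -r name ver rel; do
        case $name in
            plugger) plug=yes ;;   # assumed package name for the plugger program
            xloadimage)
                if ver_lt "$ver" 4.1 ||
                   { ! ver_lt 4.1 "$ver" && ver_lt "$rel" "$fixed_rel"; }; then
                    old=yes
                fi ;;
        esac
    done
    if [ "$old" = yes ] && [ "$plug" = yes ]; then echo EXPOSED
    elif [ "$old" = yes ]; then echo OUTDATED
    else echo OK
    fi
}

# Constructed sample package list for a RedHat 7.x host (not real data).
classify 20 <<'EOF'
plugger 3.2 1
xloadimage 4.1 16
EOF
```

On a live system, pipe the rpm query shown in the header comment into classify with the release number for your distribution.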