Debian Security Advisory DSA 301-1 (libgtop)

Information

Severity

High

Family

Debian Local Security Checks

CVSSv2 Base

7.5

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Vendor Patch

Created

14 years ago

Modified

4 years ago

Summary

The remote host is missing an update to libgtop announced via advisory DSA 301-1.

Insight

The gtop daemon, used for monitoring remote machines, contains a buffer overflow which could be used by an attacker to execute arbitrary code with the privileges of the daemon process. If started as root, the daemon process drops root privileges, assuming uid and gid 99 by default.

This bug was previously fixed in DSA-098, but one of the patches was not carried over to later versions of libgtop.

For the stable distribution (woody), this problem has been fixed in version 1.0.13-3.1.

For the old stable distribution (potato), this problem was fixed in DSA-098.

For the unstable distribution (sid), this problem has been fixed in version 1.0.13-4.

We recommend that you update your libgtop package.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20301-1

Common Vulnerabilities and Exposures (CVE)
