Gentoo: 200212-8 Critical Advisory on Canna Heap Overflow Remote Exploit
gentoo
December 20, 2002
A heap overflow vulnerability was discovered in the irw_through function in canna server version 3.6 and earlier.
Summary
- -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200212-8 - -------------------------------------------------------------------- DATE : 2002-12-20 17:12 UTC
- --------------------------------------------------------------------
Quotes from advisory:
"hsj" of Shadow Penguin Security discovered a heap overflow vulnerability in the irw_through function in canna server version 3.6 and earlier."
"AIDA Shinra of Canna project found lack of validations of requests in canna version 3.6 and earlier."
Read the full advisory at
SOLUTION
It is recommended that all Gentoo Linux users who are running app-i18n/canna-3.6 and earlier update their systems as follows:
emerge rsync emerge canna emerge clean
- -------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at nakano@gentoo.org - --------------------------------------------------------------------
Topics Covered
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
PACKAGE : canna
SUMMARY : multiple vulnerabilities in canna
EXPLOIT : remote
Topics Covered
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!