Lucene search

Gentoo FoundationGLSA-200501-11

HistoryJan 09, 2005 - 12:00 a.m.

Dillo: Format string vulnerability

2005-01-0900:00:00

Gentoo Foundation

security.gentoo.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

92.5%

JSON

Background

Dillo is a small and fast multi-platform web browser based on GTK+.

Description

Gentoo Linux developer Tavis Ormandy found a format string bug in Dillo’s handling of messages in a_Interface_msg().

Impact

An attacker could craft a malicious web page which, when accessed using Dillo, would trigger the format string vulnerability and potentially execute arbitrary code with the rights of the user running Dillo.

Workaround

There is no known workaround at this time.

Resolution

All Dillo users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=www-client/dillo-0.8.3-r4"

OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-client/dillo< 0.8.3-r4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	www-client/dillo	< 0.8.3-r4	UNKNOWN

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.045 Low

EPSS

Percentile

92.5%

JSON

Related for GLSA-200501-11