Lucene search
Copyright (C) 2008 E-Soft Inc.OPENVAS:136141256231053866HistoryJan 17, 2008 - 12:00 a.m.
Debian Security Advisory DSA 074-1 (wmaker)
2008-01-1700:00:00
Copyright (C) 2008 E-Soft Inc.
plugins.openvas.org
2
7.1 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.121 Low
EPSS
Percentile
95.3%
The remote host is missing an update to wmaker
announced via advisory DSA 074-1.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.53866");
script_cve_id("CVE-2001-1027");
script_version("2023-07-19T05:05:15+0000");
script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
script_tag(name:"creation_date", value:"2008-01-17 14:24:38 +0100 (Thu, 17 Jan 2008)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Debian Security Advisory DSA 074-1 (wmaker)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB2\.2");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20074-1");
script_tag(name:"insight", value:"Alban Hertroys found a buffer overflow in Window Maker (a popular window
manager for X). The code that handles titles in the window list menu did
not check the length of the title when copying it to a buffer. Since
applications will set the title using untrusted data (for example web
browsers will set the title of their window to the title of the web-page
being shown) this could be exploited remotely.
This has been fixed in version 0.61.1-4.1 of the Debian package, and
upstream version 0.65.1.");
script_tag(name:"summary", value:"The remote host is missing an update to wmaker
announced via advisory DSA 074-1.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
res = "";
report = "";
if((res = isdpkgvuln(pkg:"libdockapp-dev", ver:"0.61.1-4.1", rls:"DEB2.2")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libwings-dev", ver:"0.61.1-4.1", rls:"DEB2.2")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libwmaker0-dev", ver:"0.61.1-4.1", rls:"DEB2.2")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libwraster1-dev", ver:"0.61.1-4.1", rls:"DEB2.2")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libwraster1", ver:"0.61.1-4.1", rls:"DEB2.2")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"wmaker", ver:"0.61.1-4.1", rls:"DEB2.2")) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
Related
suse
suse
remote privilege escalation in wmaker/WindowMaker
2001-09-20 21:51:26
nessus
nessus
Mandrake Linux Security Advisory : WindowMaker (MDKSA-2001:074)
2004-07-31 00:00:00
Debian DSA-074-1 : wmaker - buffer overflow
2004-09-29 00:00:00
openvas
openvas
Debian Security Advisory DSA 074-1 (wmaker)
2008-01-17 00:00:00
cve
cve
CVE-2001-1027
2001-08-31 04:00:00
7.1 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.121 Low
EPSS
Percentile
95.3%
Related for OPENVAS:136141256231053866