Osiris Multiple Unspecified Remote Format String

2006-07-28T11:34:02
ID OSVDB:27645
Type osvdb
Reporter Max Vozeler, Ulf Härnhammar
Modified 2006-07-28T11:34:02

Description

Vulnerability Description

Osiris contains a flaw that may allow a remote attacker to cause a denial of service and possibly execute arbitrary code. The issue is due to multiple format string bugs, possibly related to the logging functionality. No further details have been provided.

Solution Description

Upgrade to version 4.0.6-1sarge1 for the Debian stable distribution (sarge). Upgrade to version 4.2.0-2 for the Debian unstable distribution (sid). If using another distribution, upgrade to version 4.2.1 of Osiris, which has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

References:

Vendor URL: http://osiris.shmoo.com/download.html
Vendor Specific News/Changelog Entry: http://osiris.shmoo.com/ChangeLog
Vendor Specific Advisory URL
Secunia Advisory ID: 21265
Secunia Advisory ID: 21257
Other Advisory URL: http://www.us.debian.org/security/2006/dsa-1129
CVE-2006-3120