[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] xloadimage/netscape vulnerability
- To: linux-security
- Subject: [linux-security] xloadimage/netscape vulnerability
- From: Martin Siegert <siegert@sfu.ca>
- Date: Wed, 11 Jul 2001 11:16:45 -0700
- User-Agent: Mutt/1.2.5i
Topic
=====
xloadimage contains a buffer overflow that can be exploited in connection
with netscape.
Problem Description
===================
xloadimage contains a buffer overflow in the
faces reader. This is normally not a security problem; however, xloadimage
is called by the 'plugger' program from inside Netscape to handle some
image types. Hence, a remote site could cause arbitrary code to be executed as
the user running Netscape. It is recommended that users of Netscape
and plugger update to the fixed xloadimage packages.
Affected Systems
================
Linux systems that use xloadimage in connection with netscape and the
'plugger' program (I am not sure whether this affects RedHat only, please
check your installation), e.g., RedHat 7.x.
Not Affected
============
Plugger was shipped in RedHat Powertools 6.2; if you have
only installed packages from RedHat Linux 6.2, you are not vulnerable
to this exploit (updating xloadimage nevertheless cannot hurt though).
Solution
========
RedHat 6.2
----------
rpm -Fvh xloadimage-4.1-19.6.i386.rpm
RedHat 7.x
----------
rpm -Fvh xloadimage-4.1-20.i386.rpm