SMStools vulnerabilities in release before 1.4.8

From: Marcello Magnifico [fabbricadigitale] (m.magnificoat_private)
Date: Mon Mar 11 2002 - 00:38:09 PST

Next message: Roman Drahtmueller: "SuSE Security Announcement: packages containing libz/zlib (SuSE-SA:2002:011) (tandem-announcement, second part)"

Previous message: Marlon Borba: "Suspect 'advisory' from someone claiming to be from Microsoft (was Fwd: Internet Security Update)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,
    Stefan Frings' SMStools have a couple of string format 
vulnerabilities affecting many old releases. Impact involves arbitrary 
command injection and execution with the privileges of the user running 
'smsd'. Release 1.4.8 (current) is fixing both vulnerabilities, while 
1.4.7 fixes the most trivial one. All SMStools users should upgrade to 
1.4.8 as soon as possible.
See http://www.isis.de/members/~s.frings/smstools/ for details and download.


    C U,
    Marcello Magnifico

Next message: Roman Drahtmueller: "SuSE Security Announcement: packages containing libz/zlib (SuSE-SA:2002:011) (tandem-announcement, second part)"
Previous message: Marlon Borba: "Suspect 'advisory' from someone claiming to be from Microsoft (was Fwd: Internet Security Update)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Mar 11 2002 - 17:05:51 PST