Package: openser
Version: 1.1.0-9
Severity: grave
Tags: security
Justification: user security hole

While these two vulnerabilities have been fixed in sid in 1.1.1, they still affect Etch:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6875:
Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6876:
The fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.1.0 and earlier might allow remote attackers to execute arbitrary code via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument.

Cheers,
Moritz

-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

