Thursday, September 9, 2010

New barnowl packages: fix arbitrary code execution

Users of barnowl packages, please be advised that an unchecked return value vulnerability has been identified.

To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
DSA-2102-1: New barnowl packages fix arbitrary code execution
Vulnerability: unchecked return value
It has been discovered that in barnowl, a curses-based instant-messaging client, the return codes of calls to the ZPending and ZReceiveNotice functions in libzephyr were not checked, allowing attackers to cause a denial of service (crash of the application), and possibly execute arbitrary code.
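The bug class the advisory describes, as an added example that is not barnowl's or libzephyr's code: a receive loop that ignores both return codes next to one that checks them. The names fake_pending, fake_receive, conn_t, notice_t and stats_t are hypothetical stand-ins, and the error convention (pending returns -1 on error, receive returns nonzero on failure and leaves the output unwritten) is an assumption made for the demonstration.

```c
#include <string.h>

/* Constructed stand-ins, NOT libzephyr's API. Assumed convention:
 * pending() returns a count or -1 on error; receive() returns 0 on
 * success, nonzero on failure, and leaves *out unwritten on failure. */
typedef struct { int filled; char body[16]; } notice_t;
typedef struct { int queued; int broken; } conn_t;  /* broken: calls fail */
typedef struct { int handled; int garbage; int errors; } stats_t;

static int fake_pending(const conn_t *c) { return c->broken ? -1 : c->queued; }

static int fake_receive(conn_t *c, notice_t *out) {
    if (c->broken || c->queued <= 0) return 1;       /* failure path */
    out->filled = 1;
    strcpy(out->body, "hello");
    c->queued--;
    return 0;
}

static void handle(const notice_t *n, stats_t *s) {
    s->handled++;
    if (!n->filled) s->garbage++;  /* real code would act on junk here */
}

/* Unchecked: -1 is truthy, so an error keeps the loop running, and the
 * notice is handled even though receive never filled it in. */
static stats_t drain_unchecked(conn_t *c, int max_iter) {
    stats_t s = {0, 0, 0};
    while (fake_pending(c) && max_iter-- > 0) {  /* cap only ends the demo */
        notice_t n = {0, ""};  /* zeroed for a defined demo; real bug reads stale memory */
        fake_receive(c, &n);
        handle(&n, &s);
    }
    return s;
}

/* Checked: both return codes gate any use of the notice. */
static stats_t drain_checked(conn_t *c, int max_iter) {
    stats_t s = {0, 0, 0};
    while (max_iter-- > 0) {
        int pending = fake_pending(c);
        if (pending < 0) { s.errors++; break; }
        if (pending == 0) break;
        notice_t n = {0, ""};
        if (fake_receive(c, &n) != 0) { s.errors++; break; }
        handle(&n, &s);
    }
    return s;
}
```

On a healthy connection both loops behave the same; they diverge only when a call fails, which is why this kind of defect survives ordinary testing.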
