TITLE: Speedtouch USB Driver Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA12916 VERIFY ADVISORY: http://secunia.com/advisories/12916/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Speedtouch USB driver 1.x http://secunia.com/product/4124/ DESCRIPTION: A vulnerability has been reported in Speedtouch USB Driver, which potentially can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an unspecified format string errors in "modem_run", "pppoa2", and "pppoa3". Successful exploitation may potentially allow execution of arbitrary code with escalated privileges. SOLUTION: Update to version 1.3.1. http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734 PROVIDED AND/OR DISCOVERED BY: The vendor credits Max Vozeler. ORIGINAL ADVISORY: http://speedtouch.sourceforge.net/index.php?/news.en.html - - - See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0834
net-dialup, please bump speedtouch to 1.3.1, thanks.
We should have had this GLSA out yesterday at the latest. net-dialup, please bump package.
commited 1.3.1 as x86
amd64, hppa, alpha : please test and mark net-dialup/speedtouch-1.3.1 stable
Alpha stable.
hppa stable
stable now on amd64 i couldn't really test it as i don't have a adsl-modem, but it seems to work. sorry for the big delay
GLSA 200411-04