Debian Security Advisory

DSA-156-1 epic4-script-light -- arbitrary script execution

Date Reported:

22 Aug 2002

Affected Packages:

epic4-script-light

Vulnerable:

Yes

Security database references:

In the Bugtraq database (at SecurityFocus): BugTraq ID 5555.
In Mitre's CVE dictionary: CVE-2002-0984.

More information:

All versions of the EPIC script Light prior to 2.7.30p5 (on the 2.7 branch) and prior to 2.8pre10 (on the 2.8 branch) running on any platform are vulnerable to a remotely-exploitable bug, which can lead to nearly arbitrary code execution.

This problem has been fixed in version 2.7.30p5-1.1 for the current stable distribution (woody) and in version 2.7.30p5-2 for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn't contain the Light package.

We recommend that you upgrade your epic4-script-light package and restart your IRC client.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:: http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5-1.1.dsc; http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5-1.1.diff.gz; http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5.orig.tar.gz
Architecture-independent component:: http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5-1.1_all.deb

MD5 checksums of the listed files are available in the original advisory.