MGASA-2016-0235
- Source
- https://advisories.mageia.org/MGASA-2016-0235.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0235.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2016-0235
- Related
- Published
- 2016-07-05T15:47:08Z
- Modified
- 2016-07-05T15:35:58Z
- Summary
- Updated iperf packages fix security vulnerability
- Details
-
A malicious process can connect to an iperf server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash (and a denial of service), or theoretically a remote code execution as the user running the iperf server. A malicious iperf server could potentially mount a similar attack on an iperf client (CVE-2016-4303).
- References
-
- https://advisories.mageia.org/MGASA-2016-0235.html
- https://bugs.mageia.org/show_bug.cgi?id=18743
- https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4DE6NEEUEC3XI62GE2MB2EK5BUCZ6MCP/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / iperf
Package
- Name
- iperf
- Purl
- pkg:rpm/mageia/iperf?distro=mageia-5