Hector.Ortiz | 23 Oct 17:55

OpenVMPS Logging Function Format String Vulnerability

Hi,

One of the key FreeNAC components (namely OpenVMPS) suffers from a Logging Function Format String
Vulnerability which affects version 1.3 running on Debian 3.0, Slackware 10.0 and Fedora Core 2. See also
the advisory http://www.securityfocus.com/bid/15072/info

The OpenVMPS author solved this problem in the CVS (see
http://vmps.cvs.sourceforge.net/vmps/vmpsd/), but didn't publish a patch for the current stable release.

As regards FreeNAC.net, we are providing:

a) An OpenVMPS patch, if you wish to update your OpenVMPS module:
http://www.freenac.net/downloads/openvmps.patch

b) If you are using the FreeNAC virtual appliance, please do an "svn update" from /opt/nac to fix this vulnerability.

c) For 'tarball' users, an updated tarball will be released next week containing this fix and some new features.

Regards,

the FreeNAC team
