Rapid7 Vulnerability & Exploit Database

RHSA-2002:188: New wordtrans packages fix remote vulnerabilities

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 10/04/2002
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated wordtrans packages are now available for Red Hat Linux 7.3 which fix remote vulnerabilities in wordtrans-web.

The wordtrans-web package provides an interface to query multilingual dictionaries via a web browser. Guardent discovered vulnerabilities which affect versions of wordtrans up to and including 1.1pre8. Improper input validation allows for the execution of arbitrary code or injection of cross-site scripting code by passing in unexpected parameters to the wordtrans.php script. The wordtrans.php script then unsafely executes the wordtrans binary with the malformed parameters. All users of wordtrans are advised to upgrade to the errata packages which contain a patch to correct this vulnerability. Thanks to Guardent, Inc. for the discovery, patch, and handling of this issue.

Solution(s)

  • redhat-upgrade-wordtrans
  • redhat-upgrade-wordtrans-kde
  • redhat-upgrade-wordtrans-qt
  • redhat-upgrade-wordtrans-web
