[Debian-med-packaging] Bug#792825: disulfinder: Possible use after free

Axel Wagner mero at merovius.de
Sat Jul 18 21:37:32 UTC 2015


Source: disulfinder
Severity: normal

Dear Maintainer,

I found a possible use after free in the usage of wordexp:
http://sources.debian.net/src/disulfinder/1.2.11-4/disulfind/src/disulfinder.h/?hl=154#L154

wordfree(&p) should actually free p.we_wordv[0], so using rootdir after this
should be a UAF.

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (250, 'unstable'), (125, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

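Added example, not part of the original report and not code from disulfinder: the wordexp/wordfree lifetime issue described above, with the dangling-pointer pattern kept as a comment and a corrected form that copies we_wordv[0] before calling wordfree. The helper name expand_path, the DEMO_ROOT variable and its value are assumptions made up for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wordexp.h>

/* Pattern the report describes, kept as a comment so it is never executed:
 *     wordexp(path, &p, 0);
 *     rootdir = p.we_wordv[0];   // borrowed pointer into p
 *     wordfree(&p);              // releases the strings in p.we_wordv
 *     ... rootdir used here ...  // dangling pointer: use after free
 */

/* Hypothetical helper: expand `path` and return a caller-owned copy.
 * Returns NULL on expansion error, on anything other than exactly one
 * resulting word, or on allocation failure. */
char *expand_path(const char *path)
{
    wordexp_t p = {0};
    char *copy = NULL;
    /* WRDE_NOCMD: treat command substitution as an error instead of running it. */
    int rc = wordexp(path, &p, WRDE_NOCMD);

    if (rc != 0) {
        if (rc == WRDE_NOSPACE)
            wordfree(&p);          /* part of the result may have been allocated */
        return NULL;
    }
    if (p.we_wordc == 1)
        copy = strdup(p.we_wordv[0]);  /* copy while p still owns the string */
    wordfree(&p);                  /* safe: nothing points into p any more */
    return copy;
}

int main(void)
{
    setenv("DEMO_ROOT", "/opt/constructed", 1);   /* constructed sample value */
    char *rootdir = expand_path("$DEMO_ROOT/models");
    if (rootdir == NULL) {
        fprintf(stderr, "expansion failed\n");
        return 1;
    }
    printf("rootdir = %s\n", rootdir);   /* still valid after wordfree() */
    free(rootdir);
    return 0;
}
```

Building the uncorrected pattern with -fsanitize=address makes the stale read of rootdir show up as a heap-use-after-free report at the first use after wordfree.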


