Bug#407020: SA23736: libgtop2: "glibtop_get_proc_map_s()" Buffer Overflow
Alex de Oliveira Silva
enerv at host.sk
Mon Jan 15 18:12:23 CET 2007
Package: libgtop2
Severity: important
Vulnerability in libgtop2, which can be exploited by malicious, local
users to gain escalated privileges.
The vulnerability is caused due to a boundary error within the
"glibtop_get_proc_map_s()" function in sysdeps/linux/procmap.c. This can
be exploited to cause a stack-based buffer overflow by running a with
a specially crafted long path and tricking a victim into running an
application using the library (e.g. gnome-system-monitor).
Solution:
Update to version 2.14.6.
Reference:
http://secunia.com/advisories/23736/
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
regards,
--
.''`.
: :' : Alex de Oliveira Silva | enerv
`. `' www.enerv.net
`-
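
An added illustration, not part of the original report and not libgtop's code: one way to parse a process-map line (the /proc/<pid>/maps format on Linux) so that an overlong pathname is clamped instead of overrunning a fixed-size stack buffer. The names parse_maps_line, struct map_entry and MAP_NAME_LEN are hypothetical, and the sample line is constructed.

```c
/* Added illustration: bounded parsing of one /proc/<pid>/maps line.
 * Not libgtop code; all identifiers here are hypothetical. */
#include <stdio.h>
#include <string.h>

#define MAP_NAME_LEN 255            /* assumed cap for the stored pathname */

struct map_entry {
    unsigned long start, end, offset, inode;
    unsigned int dev_major, dev_minor;
    char perms[5];                  /* "r-xp" + NUL */
    char name[MAP_NAME_LEN + 1];
    int truncated;                  /* set when the pathname did not fit */
};

/* Returns 0 on success, -1 if the fixed fields do not parse. */
int parse_maps_line(const char *line, struct map_entry *e)
{
    int pos = 0;
    size_t len;
    const char *p;

    memset(e, 0, sizeof *e);
    /* Every string conversion carries a width; %n records where the
     * fixed fields end so the pathname is handled separately. */
    if (sscanf(line, "%lx-%lx %4s %lx %x:%x %lu%n", &e->start, &e->end,
               e->perms, &e->offset, &e->dev_major, &e->dev_minor,
               &e->inode, &pos) != 7)
        return -1;

    p = line + pos;
    p += strspn(p, " \t");          /* skip padding before the pathname */
    len = strcspn(p, "\n");         /* pathname runs to end of line */
    if (len > MAP_NAME_LEN) {       /* attacker-controlled length: clamp */
        len = MAP_NAME_LEN;
        e->truncated = 1;
    }
    memcpy(e->name, p, len);
    e->name[len] = '\0';
    return 0;
}

int main(void)
{
    struct map_entry e;
    /* Constructed sample line, not captured from a real system. */
    const char *s = "08048000-0804c000 r-xp 00000000 03:01 12345      /bin/cat\n";
    if (parse_maps_line(s, &e) == 0)
        printf("%lx-%lx %s %s%s\n", e.start, e.end, e.perms, e.name,
               e.truncated ? " (truncated)" : "");
    return 0;
}
```

A caller that needs the full pathname should treat the truncated flag as an error for that entry rather than use the clamped name.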