Bug#450687: AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Fri Nov 9 08:40:46 UTC 2007
On Fri, Nov 09, 2007 at 08:03:11AM +0000, Mark Purcell wrote:
> Package: zaptel
> Version: 1:1.2.11.dfsg-1
> Severity: minor
> Tags: upstream, pending
>
> Debian GNU/Linux zaptel by default does not run as the root user,
> this will be resolved by the upload of zaptel 1.4.7.
More specifically: sethdlc(-new) is a binary that is not often used by
Zaptel users. When it is used, it must be used by root.
Zaptel includes a sample network setup script to start a network
interface on a data T1 interface from a data PRI line connected to a
Zaptel adapter. That sample script surely won't work as-is (it runs
sethdlc rather than sethdlc-new). It is not installed by default on
Debian.
As aparant from the lack of man page for sethdlc-new, I still have not
figured out exactly what this program is supposed to do and how to use
it. I figure that if a certain user will actually complain that it
doesn't work and have a proper setup to test it, I might be able to
check things out.
Right now I suspect that this is basically rather theorethical.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the Pkg-voip-maintainers
mailing list