Bug#450687: AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application

Tzafrir Cohen tzafrir.cohen at xorcom.com
Fri Nov 9 08:40:46 UTC 2007


On Fri, Nov 09, 2007 at 08:03:11AM +0000, Mark Purcell wrote:
> Package: zaptel
> Version: 1:1.2.11.dfsg-1
> Severity: minor
> Tags: upstream, pending
> 
> Debian GNU/Linux zaptel by default does not run as the root user,
> this will be resolved by the upload of zaptel 1.4.7.

More specifically: sethdlc(-new) is a binary that is not often used by
Zaptel users. When it is used, it must be used by root.

Zaptel includes a sample network setup script to start a network
interface on a data T1 interface from a data PRI line connected to a
Zaptel adapter. That sample script surely won't work as-is (it runs
sethdlc rather than sethdlc-new). It is not installed by default on
Debian.

As apparent from the lack of a man page for sethdlc-new, I still have not
figured out exactly what this program is supposed to do and how to use
it. I figure that if a certain user will actually complain that it
doesn't work and have a proper setup to test it, I might be able to
check things out.

Right now I suspect that this is basically rather theoretical.

-- 
               Tzafrir Cohen       
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com       
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir





More information about the Pkg-voip-maintainers mailing list