
Bug#264055: [jmartin@columbiaservices.net: Bug#264055: mtr-tiny: No bounds checking & possible array overflow in curses based 'Order of fields' frontend.]



reopen 264055 =
tag 264055 + sarge
tag 264055 + security
severity 264055 grave
thanks

On Sun, Aug 08, 2004 at 08:20:44AM -0700, Robert Woodcock wrote:
> I can reproduce this, although I'm pretty sure that we've already dropped
> privileges by this time. Any thoughts on the patch below?

When the bug is hit, privileges are dropped, and this certainly is no
root exploit. However, attackers will still try to steal your precious:
the raw network sockets. The impact is less severe than a root exploit,
but it remains a security issue, and should be fixed in the sarge
version. I'm Cc'ing -release because mtr is frozen. With the version in
unstable still suffering from occasional FTBFS problems, it's probably
easiest to sneak in Josh's original patch against 0.58 via
testing-proposed-updates. Pushing in 0.63 (or later) might be an option
once the automake issue is resolved: The diff between 0.58 and 0.63
amounts to 10000 lines, but about 95 per cent of it is autogenerated
stuff and whitespace changes.

Regards,

Daniel.



