
Buffer overflow in ulogd, improper string length calculations (CVE-2007-0460)


According to CVE-2007-0460, ulogd is prone to several vulnerabilities
due to improper string length calculations. ulogd is running as root,
and the vulnerability is thought to be remotely exploitable, so I guess
this is serious...

As a package maintainer, I have uploaded a new package in unstable
(1.23-6) just fixing these problems using a slightly adjusted patch from
SuSE, that could also be used in testing (1.23-5), if unblocked by the
Release Management team.

Stable version (1.02-2) is also vulnerable and needs to be patched, but
I don't have enough time to backport the patch...

If I can be of assistance please let me know.

Achilleas Kotsis a.k.a. Achille
-- "whois awk?", sed Grep --
