[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

libgtop-daemon: remote format string vulnerability

Package: libgtop-daemon
Version: 1.0.12-2
Severity: grave
Justification: user security hole
Tags: security


I found this problem about my (since 1 week:)) package libgtop
http://www.securityfocus.com/bid/3586 :
"GNOME libgtop_daemon Remote Format String Vulnerability

The GNOME libgtop_daemon is used to monitor processes running
on a remote Linux system running GNOME.

Under some conditions, when a remote connection fails, user
supplied input is used as a format string within a log message.
A malicious user may construct a string including format modifiers,
causing stack information to be written to the log file, and
possibly leading to remote execution of arbitrary code.

Older versions of libgtop_daemon may share this vulnerability."

I'm working on version 1.0.13 but I thing the problem is also
in potato (version 1.0.6-1).
I just wanted to inform you about this problem.

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux debian 2.4.16-pre1 #2 Sun Nov 25 21:33:40 CET 2001 i686
Locale: LANG=de_DE.ISO-8859-1, LC_CTYPE=C

Versions of packages libgtop-daemon depends on:
ii  libc6                         2.2.4-7    GNU C Library: Shared libraries an
ii  libglib1.2                    1.2.10-3   The GLib library of C routines
ii  libgnomesupport0      The Gnome libraries (Support libra
ii  libgtop1                      1.0.12-2   Libraries for gtop system monitori

	Noèl Köthe

Reply to: