libgtop-daemon: remote format string vulnerability
Package: libgtop-daemon
Version: 1.0.12-2
Severity: grave
Justification: user security hole
Tags: security
Hello,
I found this problem about my (since 1 week:)) package libgtop
http://www.securityfocus.com/bid/3586 :
"GNOME libgtop_daemon Remote Format String Vulnerability
The GNOME libgtop_daemon is used to monitor processes running
on a remote Linux system running GNOME.
Under some conditions, when a remote connection fails, user
supplied input is used as a format string within a log message.
A malicious user may construct a string including format modifiers,
causing stack information to be written to the log file, and
possibly leading to remote execution of arbitrary code.
Older versions of libgtop_daemon may share this vulnerability."
I'm working on version 1.0.13 but I think the problem is also
in potato (version 1.0.6-1).
I just wanted to inform you about this problem.
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux debian 2.4.16-pre1 #2 Sun Nov 25 21:33:40 CET 2001 i686
Locale: LANG=de_DE.ISO-8859-1, LC_CTYPE=C
Versions of packages libgtop-daemon depends on:
ii libc6 2.2.4-7 GNU C Library: Shared libraries an
ii libglib1.2 1.2.10-3 The GLib library of C routines
ii libgnomesupport0 1.4.1.2-7 The Gnome libraries (Support libra
ii libgtop1 1.0.12-2 Libraries for gtop system monitori
--
Noèl Köthe
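
The bug class described in the quoted advisory, as an added example that is not part of the original report and is not libgtop code: untrusted text from a failed connection must be passed as data to a constant format, never as the format itself. The function names, the sample input and the use of syslog(3) in the comment are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of attacker-influenced text arriving with a failed connection. */
static const char SAMPLE_PEER_TEXT[] = "auth failed %x %x %n";

/* Count printf-style conversion directives in s. "%%" is a literal percent
   sign and is not counted. Useful for flagging suspicious input before logging. */
static int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent, skip both characters */
            s++;
            continue;
        }
        if (s[1] != '\0')       /* '%' followed by anything else */
            count++;
    }
    return count;
}

/*
 * Vulnerable pattern (shown only as a comment, never compiled):
 *     syslog(LOG_ERR, peer_text);      // peer_text is parsed as the format
 * Hardened pattern: the format is a constant and the untrusted text is data.
 * With syslog(3) the equivalent call is syslog(LOG_ERR, "%s", peer_text).
 * This hypothetical helper formats into a buffer so the result can be checked.
 */
static int format_log_line(char *out, size_t outlen, const char *peer_text)
{
    return snprintf(out, outlen, "connection failed: %s", peer_text);
}

int main(void)
{
    char line[128];
    format_log_line(line, sizeof line, SAMPLE_PEER_TEXT);
    printf("%s (directives in input: %d)\n", line,
           count_format_directives(SAMPLE_PEER_TEXT));
    return 0;
}
```

With the constant format, the directives in the input appear verbatim in the log line instead of being interpreted.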