Re: [SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow
On Mon, Mar 11, 2002 at 08:52:54PM -0600, Steve Langasek wrote:
> dpkg doesn't normally run on a network port, so exploiting it doesn't get
> you local access unless you already have it; and it's not suid, so running
> it from commandline doesn't let you get root. Therefore, there is no
> security hole opened by a vulnerability in dpkg.
Not so; other, more subtle attack vectors are possible. For example, the
superuser could use dpkg-deb --extract on a hostile binary .deb. This
should be a safe operation, given a properly controlled environment, but by
exploiting this bug, dpkg could be tricked into executing arbitrary code.
--
- mdz