Your message dated Tue, 16 Jan 2007 07:52:47 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#407020: SA23736: libgtop2: "glibtop_get_proc_map_s()" 
Buffer Overflow
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: libgtop2
Severity: important

Vulnerability in libgtop2, which can be exploited by malicious, local
users to gain escalated privileges.
The vulnerability is caused due to a boundary error within the
"glibtop_get_proc_map_s()" function in sysdeps/linux/procmap.c. This can
be exploited to cause a stack-based buffer overflow by running a with
a specially crafted long path and tricking a victim into running an 
application using the library (e.g. gnome-system-monitor).

Solution:
Update to version 2.14.6.

Reference:
http://secunia.com/advisories/23736/

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)



regards,
-- 
   .''`.  
  : :' :    Alex de Oliveira Silva | enerv
  `. `'     www.enerv.net
    `- 


--- End Message ---
--- Begin Message ---
Version: 2.14.6-1

On Mon, Jan 15, 2007, Alex de Oliveira Silva wrote:
> Vulnerability in libgtop2, which can be exploited by malicious, local
> users to gain escalated privileges.
> The vulnerability is caused due to a boundary error within the
> "glibtop_get_proc_map_s()" function in sysdeps/linux/procmap.c. This can
> be exploited to cause a stack-based buffer overflow by running a with
> a specially crafted long path and tricking a victim into running an 
> application using the library (e.g. gnome-system-monitor).

 Fixed yesterday already...

-- 
Loïc Minier <[EMAIL PROTECTED]>

--- End Message ---
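Added example, not part of the original messages and not libgtop's own code: a sketch of parsing a `/proc/<pid>/maps` line so that a long mapped-file path is truncated instead of overrunning a fixed stack buffer, which is the class of boundary error the report describes. The names `parse_maps_line`, `struct map_entry` and `MAP_NAME_MAX` and the buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAP_NAME_MAX 64   /* assumed destination size, not libgtop's value */

struct map_entry {
    unsigned long start, end, offset, inode;
    char perms[5];
    char name[MAP_NAME_MAX];
    int truncated;        /* set when the path did not fit in name[] */
};

/* Parse one maps line; returns 0 on success, -1 on malformed input.
 * An unbounded "%s" into name[] would write past the buffer for a long path.
 * Here the path is located with %n and copied with an explicit bound. */
int parse_maps_line(const char *line, struct map_entry *e)
{
    unsigned int maj, min;
    int pos = 0;

    memset(e, 0, sizeof *e);
    if (sscanf(line, "%lx-%lx %4s %lx %x:%x %lu%n",
               &e->start, &e->end, e->perms, &e->offset,
               &maj, &min, &e->inode, &pos) != 7)
        return -1;

    const char *p = line + pos;
    while (*p == ' ' || *p == '\t') p++;      /* skip padding before the path */
    size_t len = strcspn(p, "\n");
    if (len >= sizeof e->name) {              /* attacker-controlled length */
        len = sizeof e->name - 1;
        e->truncated = 1;
    }
    memcpy(e->name, p, len);
    e->name[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: a mapping whose path is 300 bytes long. */
    char path[301], line[400];
    struct map_entry e;
    memset(path, 'A', 300); path[0] = '/'; path[300] = '\0';
    snprintf(line, sizeof line, "b7f00000-b7f01000 rw-p 00000000 03:01 99 %s\n", path);
    if (parse_maps_line(line, &e) == 0)
        printf("name length %zu, truncated=%d\n", strlen(e.name), e.truncated);
    return 0;
}
```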
