Package: swath Version: 0.4.0-4 Buffer overflow because of strcpy with possibility to inject shellcode:
swath mule -b [More than 20 to overflow and possibly inject shellcode.] < emptyfile proplematic lines are: char stopstr[20]; if (muleMode) strcpy(stopstr,wbr); Instead, you should change the size of stopstr according to wbr. Even better would be simply to change the address of stopstr like char stopstr[20]; if (muleMode) stopstr = wbr; -- System Information: Debian Release: 6.0.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages swath depends on: ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib ii libdatrie1 0.2.4-1 Double-array trie library ii libgcc1 1:4.4.5-8 GCC support library ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3 swath recommends no packages. swath suggests no packages. -- no debconf information