Package: procps Version: 1:3.2.1-2 Severity: normal Tags: patch
An attacker could crash this buffer and jump into his arbitrary code [shellcode] and change the program execution flow. Since vmstat is not installed setuid it's not critical but still... For more information see: http://www.danitrous.org/code/PoCs/vmstat_adv.txt -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-2-386 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages procps depends on: ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libncurses5 5.4-4 Shared libraries for terminal hand -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]