Hi!

Steve Langasek wrote:
> I've tracked this bug in centericq down to a failure to deal with short
> packets (or packets declaring their own length to be zero). The attached
> patch fixes this segfault, by stopping without further processing of the
> packet when its length is determined to be zero.

Two words: You rock!

> I don't see any obvious way that this bug could be exploited to gain remote
> access, but unfortunately there may be a non-obvious way... I've cc:ed the
> security team, so they can evaluate whether this warrants a security upload
> -- perhaps the DoS alone is enough reason for an update.

Crashing arbitrary user applications has been considered a vulnerability
since it's a remote denial of service in this case. I guess that we should
update.

To Julien: Please let me know the version in sid that will fix this problem.
I'll provide a CVE name asap.

Regards,

Joey

-- 
GNU GPL: "The source will be with you... always."

Please always Cc to me when replying to me on the lists.