From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200701-17.xml | 68 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 metadata/glsa/glsa-200701-17.xml (limited to 'metadata/glsa/glsa-200701-17.xml') diff --git a/metadata/glsa/glsa-200701-17.xml b/metadata/glsa/glsa-200701-17.xml new file mode 100644 index 000000000000..c7ae6740d054 --- /dev/null +++ b/metadata/glsa/glsa-200701-17.xml @@ -0,0 +1,68 @@ + + + + libgtop: Privilege escalation + + libgtop improperly handles filenames, possibly allowing for the execution + of arbitrary code. + + libgtop + 2007-01-23 + 2007-01-23: 01 + 162169 + local + + + 2.14.6 + 2.14.6 + + + +

+ libgtop facilitates the libgtop_daemon, which is used by GNOME to + obtain information about remote systems. +

+ + +

+ Liu Qishuai discovered that glibtop_get_proc_map_s() in + sysdeps/linux/procmap.c does not properly allocate memory for storing a + filename, allowing certain filenames to cause the buffer to overflow on + the stack. +

+ + +

+ By tricking a victim into executing an application that uses the + libgtop library (e.g. libgtop_daemon or gnome-system-monitor), a local + attacker could specify a specially crafted filename to be used by + libgtop causing a buffer overflow and possibly execute arbitrary code + with the rights of the user running the application. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All libgtop users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=gnome-base/libgtop-2.14.6" + + + CVE-2007-0235 + + + falco + + + shellsage + + + falco + + -- cgit v1.2.3