
List:       oss-security
Subject:    Re: [oss-security] CVE request: heap overflow in tcptrack < 1.4.2
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2011-08-31 22:35:45
Message-ID: Pine.GSO.4.64.1108311823180.26123 () faron ! mitre ! org


I'm wondering if this should have received a CVE.

https://bugs.gentoo.org/show_bug.cgi?id=377917 quotes upstream:

    "This fixes a heap overflow in the parsing of the command line...
     this may have security repercussions if
     tcptrack is configured as a handler for other applications that can
     pass user-supplied command line input to tcptrack."

The "attack" is through a command line argument.  While it's listed as a 
sniffer, the above text suggests that tcptrack might not be 
setuid/privileged, since the only given scenario is "as a handler for 
other applications."  Unless this is a typical/known scenario, this seems 
like just another unprivileged application, in which case the control over 
a command line argument would not directly cross privilege boundaries, 
thus falling into the realm of "bug" and not "vulnerability."

- Steve


On Tue, 9 Aug 2011, Josh Bressers wrote:

>
>
> ----- Original Message -----
>> A heap overflow in the parsing of tcptrack's command line was found.
>> The details are pretty sparse, but here are some references:
>>
>> http://www.rhythm.cx/~steve/devel/tcptrack/#news
>> https://bugs.gentoo.org/show_bug.cgi?id=377917
>> https://bugzilla.redhat.com/show_bug.cgi?id=729096
>>
>
> Please use CVE-2011-2903.
>
> Thanks.
>
> --
>    JB
>