| Summary: | www-servers/monkeyd local DoS+format string bug | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | rob holland (RETIRED) <tigger> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | ciaran.mccreesh, ka0ttic |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| Whiteboard: | B1 [glsa] jaervosz | | |
| Package list: | | Runtime testing required: | --- |

Description
rob holland (RETIRED)
2005-04-04 08:26:23 UTC
*** Bug 87917 has been marked as a duplicate of this bug. ***

Is upstream informed yet?

There's a remotely exploitable double expansion in m_build_buffer_from_buffer(). Example crash to get a bt:

printf "GET %%00 HTTP/1.1\nHost: %%500n%%500n\n\n" | nc localhost 2001

It looks like a nice project, but my confidence in the security of the code is low; perhaps we should consider masking it until it matures. There are alternatives available (I've used thttpd in the past), and there are numerous mistakes like the one ciaran spotted.

I think we should mask for now. I will inform upstream (having discussed it with taviso).

Upstream emailed, CC'd security@.

Vapier, it seems like your baby, please advise. I don't mind masking it until upstream has had a chance to reply.

Upstream fixed the first issue and have been sent a patch for the second.

0.9.1 in CVS, stable on x86. CC'd archs, please mark stable.

Stable on ppc.

sparc stable.

GLSA 200504-14
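
The double-expansion bug class named in this report, shown beside its fix as an added example that is not monkeyd's code and not part of the original thread. `build_buffer`, `header_vulnerable` and `header_safe` are hypothetical names, and the constructed input uses the harmless `%%` conversion so the second expansion is visible without undefined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style buffer builder (not monkeyd's code).
 * Marking such wrappers with __attribute__((format(printf, 3, 4))) lets
 * gcc/clang -Wformat-security flag non-literal format arguments. */
static int build_buffer(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* VULNERABLE pattern: text that already contains request data is passed
 * as the format of a second expansion, so its '%' sequences are parsed. */
int header_vulnerable(char *out, size_t n, const char *host)
{
    char tmp[256];
    build_buffer(tmp, sizeof tmp, "Host=%s", host);  /* first expansion */
    return build_buffer(out, n, tmp);                /* second expansion */
}

/* HARDENED: the format is a constant; request data is only an argument. */
int header_safe(char *out, size_t n, const char *host)
{
    char tmp[256];
    build_buffer(tmp, sizeof tmp, "Host=%s", host);
    return build_buffer(out, n, "%s", tmp);
}

int main(void)
{
    /* Constructed input: "%%" is a conversion that consumes no argument,
     * so the difference is observable without undefined behaviour. */
    const char *host = "100%%";
    char a[64], b[64];
    header_vulnerable(a, sizeof a, host);
    header_safe(b, sizeof b, host);
    printf("vulnerable: %s\nsafe:       %s\n", a, b);
    return strcmp(a, b) == 0;  /* 0: outputs differ, as expected here */
}
```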