| Summary: | sys-process/htop <0.8.1-r1 Does not filter non-printable characters in process names (CVE-2008-5076) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | jaak, ssuominen, tanderson |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://bugs.debian.org/504144 | | |
| Whiteboard: | B3/4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Robert Buchholz (RETIRED)
2008-11-07 13:58:40 UTC
The patch (see $URL): diff -r d816b3b76b28 RichString.c --- a/RichString.c Sat Nov 15 04:42:09 2008 +0200 +++ b/RichString.c Sat Nov 15 05:09:32 2008 +0200 @@ -29,7 +29,7 @@ inline void RichString_appendn(RichString* this, int attrs, char* data, int len) { int last = MIN(RICHSTRING_MAXLEN - 1, len + this->len); for (int i = this->len, j = 0; i < last; i++, j++) - this->chstr[i] = data[j] | attrs; + this->chstr[i] = ((data[j] > 31) ? data[j] : '?' ) | attrs; this->chstr[last] = 0; this->len = last; }

CVE-2008-5076 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5076): htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."

ping, please bump.

Fixed in 0.8.1-r1. I'm giving up maintainership of htop, so I'm un-Cc'ing myself now.

Arches, please test and mark stable: =sys-process/htop-0.8.1-r1 Target keywords : "amd64 arm hppa ia64 ppc ppc64 sparc x86"

*** Bug 246309 has been marked as a duplicate of this bug. ***

amd64/x86 stable

arm/ia64/sparc stable

Samuli and I are the new htop maintainers.

ppc stable

Stable for HPPA.

ppc64 done

Vulnerable versions removed from tree.

time for GLSA decision, I tend to vote NO.

(In reply to comment #15)
> time for GLSA decision, I tend to vote NO.

NO as well, closing. Feel free to reopen if you disagree.
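
Review bot: In the RichString_appendn hunk, the new test `data[j] > 31` compares a plain `char`, so what it filters depends on whether `char` is signed on the build target, and DEL (127) passes the test either way. Where `char` is unsigned, bytes 0x80 to 0x9F (the C1 control range) are still copied to the terminal unchanged; where it is signed, every byte above 0x7F becomes '?', which also mangles non-ASCII process names. Consider reading the byte as `unsigned char` and spelling out the accepted range (for example `c >= 32 && c != 127`, plus an explicit decision on 0x80 to 0x9F), with a one-line comment saying why control bytes are replaced.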