Summary: | <net-analyzer/tptest-3.1.7-r2: Stack-based buffer overflows (CVE-2009-{0650,0659}) | |
---|---|---|---
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu>
Component: | Vulnerabilities | Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED | |
Severity: | major | CC: | netmon
Priority: | High | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | B1 [glsa] | |
Package list: | | Runtime testing required: | ---
Description
Robert Buchholz (RETIRED)
2009-03-04 16:58:41 UTC
Created attachment 194291
Proposed patch to fix the vulnerabilities in the GetStatsFromLine function in tpcommon.c.
This patch fixes the vulnerability due to strcpy, as well as a couple other potential issues.

Revbumped with patch.

Arches, please test and stabilize:
=net-analyzer/tptest-3.1.7-r2
Target arches: amd64 ppc sparc x86

amd64 stable

x86 stable

ppc stable

sparc stable

GLSA request filed

This issue was resolved and addressed in GLSA 201310-16 at http://security.gentoo.org/glsa/glsa-201310-16.xml by GLSA coordinator Sergey Popov (pinkbyte).