Summary: | <net-analyzer/tcptrack-1.4.2 - heap overflow in command line parsing (CVE-2011-2903) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | netmon |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.rhythm.cx/~steve/devel/tcptrack/#news | | |
Whiteboard: | B2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Jeroen Roovers (RETIRED)
2011-08-05 20:40:15 UTC
x86 stable

Thanks, folks. GLSA request filed.

CVE-2011-2903 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2903): Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. NOTE: this is only a vulnerability in limited scenarios in which tcptrack is "configured as a handler for other applications." This issue might not qualify for inclusion in CVE.

This issue was resolved and addressed in GLSA 201402-22 at http://security.gentoo.org/glsa/glsa-201402-22.xml by GLSA coordinator Chris Reffett (creffett).