Summary: | net-ftp/glftpd: Local Stack Buffer Overflow Vulnerability
---|---
Product: | Gentoo Security
Reporter: | Luke Macken (RETIRED) <lewk>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | normal
Priority: | High
Version: | unspecified
Hardware: | All
OS: | All
URL: | http://www.nosystem.com.ar/advisories/advisory-05.txt
Whiteboard: | C1 [glsa] lewk
Package list: |
Runtime testing required: | ---
Attachments: |

Description
Luke Macken (RETIRED)
2004-09-20 17:27:39 UTC
No metadata for this package. CC'ing vapier who seems to have been maintaining this ebuild.

Created attachment 40046
1.32-stack-overflow.patch

Does this look sane to people?

updated the patch and released 1.32-r1 with x86 stable (ready for GLSA)

- strcpy(dupename, argv[1]); + strncpy(dupename, argv[1], sizeof(dupename)-1); + dupename[sizeof(dupename)-1] = '\0';

GLSA is drafted. security, please review.

GLSA 200409-27
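
Review bot: the bound in the added strncpy line is only correct if dupename is an array at this point. Its declaration is not in the hunk, and if it is a pointer or a function parameter, sizeof(dupename) is the pointer size and the copy is cut to a few bytes. Please confirm the declaration. The copy also now silently truncates an overlong argv[1], so the program continues with a shortened name. Consider rejecting the input when strlen(argv[1]) >= sizeof(dupename) and exiting with an error instead. No argc check is visible in these lines before argv[1] is used.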