Bug 131837

Summary: nstat in iproute has a buffer overflow
Product: [Fedora] Fedora Reporter: Steve Grubb <linux_4ever>
Component: iprouteAssignee: Radek Vokál <rvokal>
Status: CLOSED RAWHIDE QA Contact: Brock Organ <borgan>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-09-06 09:21:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
A patch that fixes the problem none

Description Steve Grubb 2004-09-05 14:47:09 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2)
Gecko/20040308

Description of problem:
nstat has a buffer overflow that should be fixed. nstat reads an
environmental variable that's used to locate the /proc directory. If
this variable is inherited in the environment, an attacker could point
to a specially crafted proc entry to take advantage of the buffer
overflow.

I estimate this is low risk, but it must be taken care of.

Version-Release number of selected component (if applicable):
iproute-2.6.9-1

How reproducible:
Didn't try

Steps to Reproduce:
1. Found in a code review

Additional info:

I will attach a patch that addresses this. Its slightly modified
version from Openwall Linux. Please keep the name the same to show
proper attribution.
Comment 1 Steve Grubb 2004-09-05 14:48:34 UTC 
Created attachment 103485 [details]
A patch that fixes the problem
Comment 2 Radek Vokál 2004-09-06 09:21:19 UTC 
Thx for patch, iproute-2.6.9-2 built