Bug 729096 (CVE-2011-2903)
Summary: CVE-2011-2903 tcptrack: heap overflow in parsing the command line

| Field | Value |
|---|---|
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED NEXTRELEASE |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Vincent Danen <vdanen> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | jitesh.1337 |
| Keywords | Security |
| Doc Type | Bug Fix |
| Last Closed | 2011-09-13 21:16:05 UTC |
| Bug Depends On | 729098 |

Description
Vincent Danen
2011-08-08 17:21:54 UTC
Created tcptrack tracking bugs for this issue

Affects: fedora-all [bug 729098]

This issue was assigned the name CVE-2011-2903.

According to MITRE, there is some question as to whether this should be called a flaw:

http://www.openwall.com/lists/oss-security/2011/08/31/1

The "attack" is through a command line argument. While it's listed as a sniffer, the above text suggests that tcptrack might not be setuid/privileged, since the only given scenario is "as a handler for other applications." Unless this is a typical/known scenario, this seems like just another unprivileged application, in which case the control over a command line argument would not directly cross privilege boundaries, thus falling into the realm of "bug" and not "vulnerability."

Given the above, and that tcptrack has been updated to the fixed 1.4.2 version in Fedora 16, we won't be insisting on packages for Fedora 14 and 15.