Bug 131837 - nstat in iproute has a buffer overflow
Summary: nstat in iproute has a buffer overflow
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: iproute
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Radek Vokál
QA Contact: Brock Organ
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-09-05 14:47 UTC by Steve Grubb
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-09-06 09:21:19 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
A patch that fixes the problem (1.39 KB, patch)
2004-09-05 14:48 UTC, Steve Grubb
no flags Details | Diff

Description Steve Grubb 2004-09-05 14:47:09 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2)
Gecko/20040308

Description of problem:
nstat has a buffer overflow that should be fixed. nstat reads an
environmental variable that's used to locate the /proc directory. If
this variable is inherited in the environment, an attacker could point
to a specially crafted proc entry to take advantage of the buffer
overflow.

I estimate this is low risk, but it must be taken care of.

Version-Release number of selected component (if applicable):
iproute-2.6.9-1

How reproducible:
Didn't try

Steps to Reproduce:
1. Found in a code review

Additional info:

I will attach a patch that addresses this. Its slightly modified
version from Openwall Linux. Please keep the name the same to show
proper attribution.

Comment 1 Steve Grubb 2004-09-05 14:48:34 UTC
Created attachment 103485 [details]
A patch that fixes the problem

Comment 2 Radek Vokál 2004-09-06 09:21:19 UTC
Thx for patch, iproute-2.6.9-2 built


Note You need to log in before you can comment on or make changes to this bug.