131837 – nstat in iproute has a buffer overflow

Bug 131837 - nstat in iproute has a buffer overflow

Summary: nstat in iproute has a buffer overflow

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	iproute
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Radek Vokál
QA Contact:	Brock Organ
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-09-05 14:47 UTC by Steve Grubb
Modified:	2007-11-30 22:10 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2004-09-06 09:21:19 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
A patch that fixes the problem (1.39 KB, patch) 2004-09-05 14:48 UTC, Steve Grubb	no flags	Details \| Diff
View All

Description Steve Grubb 2004-09-05 14:47:09 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2)
Gecko/20040308

Description of problem:
nstat has a buffer overflow that should be fixed. nstat reads an
environmental variable that's used to locate the /proc directory. If
this variable is inherited in the environment, an attacker could point
to a specially crafted proc entry to take advantage of the buffer
overflow.

I estimate this is low risk, but it must be taken care of.

Version-Release number of selected component (if applicable):
iproute-2.6.9-1

How reproducible:
Didn't try

Steps to Reproduce:
1. Found in a code review

Additional info:

I will attach a patch that addresses this. Its slightly modified
version from Openwall Linux. Please keep the name the same to show
proper attribution.

Comment 1 Steve Grubb 2004-09-05 14:48:34 UTC

Created attachment 103485 [details]
A patch that fixes the problem

Comment 2 Radek Vokál 2004-09-06 09:21:19 UTC

Thx for patch, iproute-2.6.9-2 built

Note You need to log in before you can comment on or make changes to this bug.