+++ This bug was initially created as a clone of Bug #222637 +++

Description of problem:
Stack-based buffer overflow occurs when gnome-system-monitor is launched while a process that has a file with a too long filename mapped in its address space (visible via /proc/$PID/maps) is running, and could potentially lead to arbitrary code execution (mitigated by SSP).

Version-Release number of selected component (if applicable):
At least FC6 and RHEL5 libgtop2.

How reproducible:
Always.

Steps to Reproduce:

    # Create a file with too long pathname. Some filesystems limit filenames
    # to 255 characters, so use a deep directory hierarchy instead
    export dir=$(perl -e " print 's/'x1000;")
    mkdir -p $dir

    # Copy a binary image that will get mapped upon execution there and run it.
    # Sleep will harmlessly run for some time...
    cp /bin/sleep $dir
    $dir/sleep 100 &

    # Run system monitor while the program is running
    gnome-system-monitor

Actual results:
*** stack smashing detected ***: gnome-system-monitor terminated

Expected results:
Gnome-system-monitor should help us on our way to salvation, eternal and everlasting love and peace.

Additional info:
Patch from upstream is available, see the upstream BTS:
http://bugzilla.gnome.org/show_bug.cgi?id=396477
http://bugzilla.gnome.org/attachment.cgi?id=80254&action=view

-- Additional comment from lkundrak on 2007-01-15 08:30 EST --
Created an attachment (id=145571)
Patch for Gnome bug #396477 libgtop buffer overflow

-- Additional comment from bressers on 2007-01-25 14:19 EST --
This flaw also affects FC5
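The bug class behind this report is a /proc/$PID/maps reader that copies the pathname field into a fixed-size stack buffer without a length bound. The following is an added illustration written for this page; it is not libgtop's code and not the upstream patch, and all function and struct names (parse_maps_line_fragile, parse_maps_line, maps_entry, demo_long_path_parse) are hypothetical. It places the fragile pattern next to a parser that measures the pathname first and allocates for it, and then feeds that parser a constructed maps line whose path has 1000 directory components, as in the reproducer above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One /proc/$PID/maps line has the shape
 *   7f3a1c000000-7f3a1c021000 r-xp 00000000 08:01 1234567   /bin/sleep
 * The pathname is an optional tail after the inode field. Its length is
 * bounded only by the depth of the directory hierarchy, not by PATH_MAX,
 * so it must never be copied into a fixed-size buffer without a bound. */

#define PATH_BUF 256  /* a fixed buffer of the kind the report overflows */

/* Fragile pattern (hypothetical): "%s" carries no field width, so any
 * pathname longer than PATH_BUF - 1 bytes is written past the end of the
 * caller's buffer; with a stack buffer that is exactly the SSP abort in
 * the report. Shown for contrast only, never called below. */
int parse_maps_line_fragile(const char *line, char path[PATH_BUF])
{
    unsigned long start, end, offset, inode;
    unsigned dev_major, dev_minor;
    char perms[5];
    return sscanf(line, "%lx-%lx %4s %lx %x:%x %lu %s",
                  &start, &end, perms, &offset,
                  &dev_major, &dev_minor, &inode, path) == 8;
}

struct maps_entry {
    unsigned long start, end, offset, inode;
    unsigned dev_major, dev_minor;
    char perms[5];
    char *path;  /* heap-allocated, NUL-terminated, "" for anonymous maps */
};

/* Hardened parser (hypothetical): fixed-width fields are read with bounded
 * conversions, %n records where they end, and the pathname is measured with
 * strcspn and copied into a buffer sized for it. Returns 0 on success,
 * -1 on malformed input or allocation failure. */
int parse_maps_line(const char *line, struct maps_entry *e)
{
    int consumed = 0;
    memset(e, 0, sizeof *e);
    if (sscanf(line, "%lx-%lx %4s %lx %x:%x %lu%n",
               &e->start, &e->end, e->perms, &e->offset,
               &e->dev_major, &e->dev_minor, &e->inode, &consumed) != 7)
        return -1;
    const char *p = line + consumed;
    while (*p == ' ' || *p == '\t')
        p++;
    size_t len = strcspn(p, "\n");  /* the path runs to end of line */
    e->path = malloc(len + 1);
    if (!e->path)
        return -1;
    memcpy(e->path, p, len);
    e->path[len] = '\0';
    return 0;
}

/* Build a constructed maps line whose pathname is "/" + "s/" x components
 * + "sleep", mirroring the deep hierarchy from the reproducer, parse it,
 * and return the length of the parsed path (-1 on failure). */
long demo_long_path_parse(size_t components)
{
    size_t path_len = 1 + 2 * components + strlen("sleep");
    char *path = malloc(path_len + 1);
    if (!path)
        return -1;
    char *q = path;
    *q++ = '/';
    for (size_t i = 0; i < components; i++) {
        *q++ = 's';
        *q++ = '/';
    }
    strcpy(q, "sleep");

    /* Constructed sample values for the fixed-width fields. */
    const char *prefix = "00400000-00406000 r-xp 00000000 08:01 393302 ";
    char *line = malloc(strlen(prefix) + path_len + 2);
    if (!line) {
        free(path);
        return -1;
    }
    sprintf(line, "%s%s\n", prefix, path);

    struct maps_entry e;
    long result = -1;
    if (parse_maps_line(line, &e) == 0) {
        result = (long)strlen(e.path);
        free(e.path);
    }
    free(path);
    free(line);
    return result;
}

int main(void)
{
    printf("1000-component path parsed to %ld bytes\n",
           demo_long_path_parse(1000));
    return 0;
}
```

The fixed-width fields are the only ones that belong in stack arrays; everything whose length the kernel does not bound (here the pathname) is sized from the input at run time. A fixed buffer is still acceptable if the copy is truncated explicitly (a width on `%s`, or `snprintf`), as long as the caller knows the path may be cut short.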
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0765.html