Bug 26763 - buffer overflow for m4
Summary: buffer overflow for m4
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: m4
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Florian La Roche
QA Contact: David Lawrence
Whiteboard: Florence RC-1
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2001-02-09 00:41 UTC by Chris Ricker
Modified: 2007-04-18 16:31 UTC (History)
0 users

Clone Of:
Last Closed: 2001-02-09 23:07:36 UTC

Attachments (Terms of Use)

Description Chris Ricker 2001-02-09 00:41:50 UTC

The m4 shipping in beta three is vulnerable to the buffer overflows
currently being discussed on bugtraq

[root@station12 /root]# m4 -G %n
m4: Segmentation fault (core dumped)
[root@station12 /root]# m4 -G %n%n
m4: Segmentation fault (core dumped)
[root@station12 /root]# m4 -G %x  
m4: 80499d9: No such file or directory
[root@station12 /root]# m4 -G %qx
m4: bffff8ec080499d9: No such file or directory
[root@station12 /root]#

Comment 1 Glen Foster 2001-02-09 23:07:21 UTC
This defect is considered MUST-FIX for Florence Release-Candidate #1

Comment 2 Florian La Roche 2001-02-13 13:32:13 UTC
I have fied the above one and found another similar case. Both are fixed in the
current rpm.
Thanks for this report.

Note You need to log in before you can comment on or make changes to this bug.