Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request: heap overflow in tcptrack < 1.4.2
From: Moritz Muehlenhoff <jmm () debian org>
Date: Tue, 13 Sep 2011 21:36:47 +0200

On Wed, Aug 31, 2011 at 06:35:45PM -0400, Steven M. Christey wrote:

I'm wondering if this should have received a CVE.

https://bugs.gentoo.org/show_bug.cgi?id=377917 quotes upstream:

   "This fixes a heap overflow in the parsing of the command line...
    this may have security repercussions if
    tcptrack is configured as a handler for other applications that can
    pass user-supplied command line input to tcptrack."

The "attack" is through a command line argument.  While it's listed as a  
sniffer, the above text suggests that tcptrack might not be  
setuid/privileged, since the only given scenario is "as a handler for  
other applications."  Unless this is a typical/known scenario, this seems 
like just another unprivileged application, in which case the control 
over a command line argument would not directly cross privilege 
boundaries, thus falling into the realm of "bug" and not "vulnerability."

FWIW, we're treating it as a non-security issue in Debian.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]