oss-sec mailing list archives
CVE Request -- dtach: Memory portion (random stack data) disclosure to the client by unclean client disconnect
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 27 Jun 2012 11:58:24 +0200
Hello Kurt, Steve, vendors,a portion of memory (random stack data) disclosure flaw was found in the way dtach, a simple program emulating the detach feature of screen, performed client connection termination under certain circumstances. A remote attacker could use this flaw to potentially obtain sensitive information by issuing a specially-crafted dtach client connection close request.
Upstream ticket: [1] http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357 Preliminary proposed patch: [2] http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812 References: [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302 [4] https://bugzilla.redhat.com/show_bug.cgi?id=812551 [5] https://bugzilla.redhat.com/show_bug.cgi?id=835849 Could you allocate a CVE id for this issue? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- dtach: Memory portion (random stack data) disclosure to the client by unclean client disconnect Jan Lieskovsky (Jun 27)