Nmap Development mailing list archives
Re: Version of GTK bundled with NMAP on Windows is insecure
From: Fyodor <fyodor () insecure org>
Date: Thu, 7 Jan 2010 13:14:31 -0800
On Thu, Jan 07, 2010 at 09:27:24AM -0600, William Johnston wrote:
NMAP bundles version 2.14.7 of GTK which has a security vulnerability. Versions of GTK later than 2.18.5 are fixed. Information here: http://secunia.com/advisories/37852/
Hi William, thanks for the report. The good news is that this issue does not really impact Zenmap in any way. I found some more URLs describing the bug: http://osvdb.org/show/osvdb/61203 https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395 https://bugzilla.gnome.org/show_bug.cgi?id=598476 Basically this bug in GTK could could cause the applicaton using it to crash. This became a security issue in the case of gnome-screensaver because the crash would effectively bypass the password lock. But such a crash wouldn't cause a security issue for Zenmap, even if Zenmap did have some sort of code path which triggered the bug like the screensaver animation did. Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Version of GTK bundled with NMAP on Windows is insecure William Johnston (Jan 07)
- Re: Version of GTK bundled with NMAP on Windows is insecure Fyodor (Jan 07)