oss-sec mailing list archives
Re: CVE request: heap overflow in tcptrack < 1.4.2
From: Moritz Muehlenhoff <jmm () debian org>
Date: Tue, 13 Sep 2011 21:36:47 +0200
On Wed, Aug 31, 2011 at 06:35:45PM -0400, Steven M. Christey wrote:
I'm wondering if this should have received a CVE. https://bugs.gentoo.org/show_bug.cgi?id=377917 quotes upstream: "This fixes a heap overflow in the parsing of the command line... this may have security repercussions if tcptrack is configured as a handler for other applications that can pass user-supplied command line input to tcptrack." The "attack" is through a command line argument. While it's listed as a sniffer, the above text suggests that tcptrack might not be setuid/privileged, since the only given scenario is "as a handler for other applications." Unless this is a typical/known scenario, this seems like just another unprivileged application, in which case the control over a command line argument would not directly cross privilege boundaries, thus falling into the realm of "bug" and not "vulnerability."
FWIW, we're treating it as a non-security issue in Debian. Cheers, Moritz
Current thread:
- CVE request: heap overflow in tcptrack < 1.4.2 Vincent Danen (Aug 09)
- Re: CVE request: heap overflow in tcptrack < 1.4.2 Josh Bressers (Aug 09)
- Re: CVE request: heap overflow in tcptrack < 1.4.2 Steven M. Christey (Aug 31)
- Re: CVE request: heap overflow in tcptrack < 1.4.2 Moritz Muehlenhoff (Sep 13)
- Re: CVE request: heap overflow in tcptrack < 1.4.2 Steven M. Christey (Aug 31)
- Re: CVE request: heap overflow in tcptrack < 1.4.2 Josh Bressers (Aug 09)