oss-sec mailing list archives
Re: CVE Request -- dtach: Memory portion (random stack data) disclosure to the client by unclean client disconnect
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 28 Jun 2012 21:14:11 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/27/2012 03:58 AM, Jan Lieskovsky wrote:
Hello Kurt, Steve, vendors, a portion of memory (random stack data) disclosure flaw was found in the way dtach, a simple program emulating the detach feature of screen, performed client connection termination under certain circumstances. A remote attacker could use this flaw to potentially obtain sensitive information by issuing a specially-crafted dtach client connection close request. Upstream ticket: [1] http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357 Preliminary proposed patch: [2] http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812 References: [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302 [4] https://bugzilla.redhat.com/show_bug.cgi?id=812551 [5] https://bugzilla.redhat.com/show_bug.cgi?id=835849 Could you allocate a CVE id for this issue? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Please use CVE-2012-3368 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP7R2DAAoJEBYNRVNeJnmT7uIP/2gnoIsX8SAs4q0Dlvtbdu2y apxeoM8Rk1rg9bUaVvMRnzIX4YGnbmdwaOT3uttXyMeYByCgfJcFoW0MhhNvs2C5 iZ09i2m78wR8QLp6+6BBo7FR6n+uKqyDz2bWc9QeqpxzAH2kar+gKmtEd8XfstOp Up6VHi9TYrNs02KsIObsZci3RJAIwihahQmv/8rXYKD0ktyQ+nV7geDHg+VhSxvE nHascnJgDxeC/pSiSw9szUCAczsZ+4ngGMVhkPuMXIknSj0tqwEPRJIM2U2X/s+z fVUJKaZY5cSJFKYcyvubJzwyq7c1hNrEtaLBqQjuSQ9GJLkKYQUmXuErC0vJPWkh 8n/jEke++OrrIzd6DVua6f2WX0d6DCJdDbg1fg4BqMV7Sj6/XH7/+n56DHyKyAsg a8A14lSOUPeae3t8C5E8xuuPpsAZoNSTclOIy7zl8o2Qtl83bhVfLmAYmOqq1T41 XWmjK5YzrkcrZ9H/Q4gM+e1hgwMuaOLMkxv9E4DT8W8/e3/IkjIZ9MsELS9Tllio 4msi/MqnEmlro/doDuSI7FVHv1uBO7JNRG0+l1nMs7DRX2VIr1D7Wj9ivpVWAOtY dGlhB9vQQi4FD++NT11KpL8FTGTqZo5nG7hU3dsV7j0Kn7PxAWitl6x2qgNzfUx2 4lWKs3wgmKa1AN+yvwPi =5A2p -----END PGP SIGNATURE-----
Current thread:
- CVE Request -- dtach: Memory portion (random stack data) disclosure to the client by unclean client disconnect Jan Lieskovsky (Jun 27)
- Re: CVE Request -- dtach: Memory portion (random stack data) disclosure to the client by unclean client disconnect Kurt Seifried (Jun 28)