Nmap Development mailing list archives

Re: Version of GTK bundled with NMAP on Windows is insecure


From: Fyodor <fyodor () insecure org>
Date: Thu, 7 Jan 2010 13:14:31 -0800

On Thu, Jan 07, 2010 at 09:27:24AM -0600, William Johnston wrote:
> NMAP bundles version 2.14.7 of GTK which has a security vulnerability.
>
> Versions of GTK later than 2.18.5 are fixed.
>
> Information here:
> http://secunia.com/advisories/37852/

Hi William, thanks for the report.  The good news is that this issue
does not really impact Zenmap in any way.  I found some more URLs
describing the bug:

http://osvdb.org/show/osvdb/61203
https://bugs.edge.launchpad.net/ubuntu/+source/gnome-screensaver/+bug/446395
https://bugzilla.gnome.org/show_bug.cgi?id=598476

Basically this bug in GTK could cause the application using it to
crash.  This became a security issue in the case of gnome-screensaver
because the crash would effectively bypass the password lock.  But
such a crash wouldn't cause a security issue for Zenmap, even if
Zenmap did have some sort of code path which triggered the bug like
the screensaver animation did.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

