Package: sshm
Version: 0.4.2-1
Severity: normal

sshm is vulnerable due to uncontrolled format string usage with sscanf.
Furthermore a vulnerability caused by unsafe usage of std::cin exists.

Reproduction:

sscanf: create an entry/line in $HOME/.sshm to cause a segfault:
"a b c dddd /* d repeats about 200 times */"

std::cin: Create a new server entry with `sshm --add`. Enter a Hostname/IP longer than approx. 250 characters. The application will claim that only 85 characters are allowed. Type random data to finish the add dialog. The program will segfault.

Both vulnerabilities may be used to inject shellcode and therefore execute arbitrary code in a user's context.

-- System Information:
Debian Release: 6.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sshm depends on:
ii  libc6           2.11.3-4            Embedded GNU C Library: Shared lib
ii  libgcc1         1:4.4.5-8           GCC support library
ii  libstdc++6      4.4.5-8             The GNU Standard C++ Library v3
ii  openssh-client  1:5.5p1-6+squeeze2  secure shell (SSH) client, for sec

sshm recommends no packages.

sshm suggests no packages.

-- no debconf information
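
An added example, not part of the original report and not sshm's code: a width-bounded sscanf parse of an entry like the one in the reproduction, which rejects over-long fields instead of writing past the buffer. The four-field layout, the field names and the use of the announced 85-character limit as the buffer size are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumptions: four whitespace-separated fields per line and an 85-character
 * limit per field (the limit the add dialog announces). Field names are
 * hypothetical; sshm's real layout is not shown in the report. */
#define FIELD_MAX 85
#define STR_(x) #x
#define STR(x) STR_(x)
#define FLD "%" STR(FIELD_MAX) "s%n"   /* expands to "%85s%n" */

struct entry {
    char alias[FIELD_MAX + 1], user[FIELD_MAX + 1];
    char port[FIELD_MAX + 1], host[FIELD_MAX + 1];
};

/* True if the conversion stopped at whitespace or end of line,
 * i.e. the width limit did not cut a longer token in two. */
static int ended_cleanly(const char *line, int pos)
{
    return pos >= 0 && (line[pos] == '\0' || isspace((unsigned char)line[pos]));
}

/* Returns 0 on success, -1 if fewer than four fields were converted,
 * -2 if a field is longer than FIELD_MAX. Never writes past a buffer. */
int parse_entry(const char *line, struct entry *e)
{
    int p[4] = { -1, -1, -1, -1 };
    memset(e, 0, sizeof *e);
    int n = sscanf(line, FLD " " FLD " " FLD " " FLD,
                   e->alias, &p[0], e->user, &p[1],
                   e->port, &p[2], e->host, &p[3]);
    if (n != 4)
        return -1;
    for (int i = 0; i < 4; i++)
        if (!ended_cleanly(line, p[i]))
            return -2;
    return 0;
}

int main(void)
{
    char line[256] = "a b c ";      /* constructed input, as in the report */
    memset(line + 6, 'd', 200);     /* fourth field: 200 x 'd' */
    struct entry e;
    printf("over-long line -> %d\n", parse_entry(line, &e));
    printf("normal line    -> %d\n", parse_entry("web root 22 192.0.2.10", &e));
    return 0;
}
```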