Package: aatv
Version: 0.3-3
Severity: normal
*** Please type your report below this line ***
aatv contains code which causes a buffer overflow when reading
an overly long $HOME variable.
This is exploitable to execute arbitary code, but not usefully since
it is neither setuid nor setgid.
Demonstration:
[EMAIL PROTECTED]:~$ HOME=`perl -e "print 'x'x3000"` aatv
Segmentation fault
[EMAIL PROTECTED]:~$
Code (aatv.c):
sprintf (filename, "%s/%s", getenv ("HOME"), ".aatv");
Fix:
snprintf (filename, sizeof(filename)-1, "%s/%s", getenv ("HOME"), ".aatv");
Steve
--
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.18-xen (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages aatv depends on:
ii libaa1 1.4p5-32 ascii art library
ii libc6 2.5-11 GNU C Library: Shared libraries
aatv recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
