Hi Tzafrir,
* Tzafrir Cohen <[EMAIL PROTECTED]> [2007-10-31 20:03]:
> On Wed, Oct 31, 2007 at 07:44:13PM +0100, Nico Golde wrote:
[...] 
> > This is not really a security problem in Debian since
> > sethdlc-new is not suid root so it will just segfault.
> > 
> > For further information:
> > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5690
> 
> Note, however, that sethdlc.c does not get installed by default on
> Debian. The issue does seem to affect sethdlc-new.
> 
> In fact, it will not even build on kernels newer than 2.4.20.
> sethdlc-new is not installed by default in any automated script.
> 
> Looking into this right now.

I haven't checked which binary is created by sethdlc.c; I 
just assumed it is sethdlc-new and could reproduce this 
issue after reading the code with it.
Anyway, this is tagged as "unimportant" in the security 
tracker but the strcpy in line 296 of sethdlc.c should be 
replaced anyway.
Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
