Package: apcalc
Version: 2.12.1.5-1
Severity: grave
Tags: security
Justification: user security hole

Hi,

  I reported this bug as a security hole just because I found what 
seems to be a dangling pointer... I have no idea if it could be 
maliciously exploited... so feel free to downgrade its severity if you 
can certify otherwise.

  The bug can be reproduced by simply calling 
    config("mode","XX")
  where XX is any non-valid option... for example "Exp".  The return 
string says:
   Unknown mode "YY"
  where YY is some random garbage.

  I'm running etch on an AMD64, but I tested this bug in both 
chroot i386/etch and chroot amd64/sid, reproducing in both cases.

   Thanks!


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable'), (50, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-amd64
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages apcalc depends on:
ii  apcalc-common               2.12.1.5-1   Arbitrary precision calculator (co
ii  libc6                       2.3.6.ds1-13 GNU C Library: Shared libraries
ii  libncurses5                 5.5-5        Shared libraries for terminal hand
ii  libreadline5                5.2-2        GNU readline and history libraries

apcalc recommends no packages.

-- no debconf information

