Package: libwrap0
Version: 7.6.dbs-10
Severity: critical
Justification: causes serious data loss

In function daemon_or_port_match() in hosts_access.c, the variable "port" is not initialized. Therefore, in

    if (sscanf(tok, "%u%c", &port, &junk) != 1 && port < 65535)

if "tok" contains a string (e.g. "sshd") and "port" has a number over 65535, this "if" statement is judged FALSE and access control becomes void.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.6
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP)

Versions of packages libwrap0 depends on:
ii  libc6  2.3.6.ds1-2  GNU C Library: Shared libraries

Versions of packages libwrap0 recommends:
ii  tcpd  7.6.dbs-10  Wietse Venema's TCP wrapper utilit

-- no debconf information
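The following is an added example, not part of the original report or of the tcp_wrappers source. It evaluates the condition quoted above for the same token with two different leftover values in "port", then shows one way to parse the token so that "port" is read only after sscanf() reports a successful conversion. The function names cond_as_reported() and parse_port() and the "stale" parameter are assumptions made for illustration; "stale" stands in for whatever the uninitialized stack slot happens to contain.

```c
#include <stdio.h>

/* The condition quoted in the report. `stale` is a constructed value that
 * models the leftover contents of the uninitialized variable (reading a
 * truly uninitialized variable is undefined behaviour, so it is seeded). */
int cond_as_reported(const char *tok, unsigned int stale)
{
    unsigned int port = stale;
    char junk;

    /* For "sshd", sscanf converts nothing, returns 0 and leaves port as is. */
    return sscanf(tok, "%u%c", &port, &junk) != 1 && port < 65535;
}

/* Hypothetical hardened parse: port is initialized, and it is inspected only
 * after sscanf reports exactly one conversion (a bare decimal number). */
int parse_port(const char *tok, unsigned int *out)
{
    unsigned int port = 0;
    char junk;

    if (sscanf(tok, "%u%c", &port, &junk) != 1)
        return 0;               /* "sshd", "22x", "" are not port numbers */
    if (port > 65535)
        return 0;               /* out of range for a TCP/UDP port */
    *out = port;
    return 1;
}

int main(void)
{
    unsigned int p = 0;

    /* Same token, different outcome depending only on stack garbage. */
    printf("reported, stale=22:    %d\n", cond_as_reported("sshd", 22));
    printf("reported, stale=70000: %d\n", cond_as_reported("sshd", 70000));
    /* Hardened form gives one answer per token. */
    printf("parse_port(\"sshd\"): %d\n", parse_port("sshd", &p));
    printf("parse_port(\"22\"):   %d\n", parse_port("22", &p));
    return 0;
}
```

Compiling the affected code with -Wall -O2 (GCC's -Wuninitialized) or running it under Valgrind is a practical way to catch reads of this kind.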