Bug#448763: CVE-2007-5690 Buffer overflow in sethdlc.c

Nico Golde nion at debian.org
Wed Oct 31 19:07:53 UTC 2007


Hi Tzafrir,
* Tzafrir Cohen <tzafrir.cohen at xorcom.com> [2007-10-31 20:03]:
> On Wed, Oct 31, 2007 at 07:44:13PM +0100, Nico Golde wrote:
[...] 
> > This is not really a security problem in Debian since
> > sethdlc-new is not suid root so it will just segfault.
> > 
> > For further information:
> > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5690
> 
> Note, however, that sethdlc.c does not get installed by default on
> Debian. The issue does seem to affect sethdlc-new.
> 
> In fact, it will not even build on kernels newer than 2.4.20.
> sethdlc-new is not installed by default in any automated script.
> 
> Looking into this right now.

I haven't checked which binary is created by sethdlc.c; I 
just assumed it is sethdlc-new and could reproduce this 
issue after reading the code with it.
Anyway, this is tagged as "unimportant" in the security 
tracker but the strcpy in line 296 of sethdlc.c should be 
replaced anyway.
Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
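
The message above asks for the strcpy at line 296 of sethdlc.c to be replaced. As an added example (not the sethdlc.c code, which this thread does not show), here is one bounded replacement in C, assuming the destination is a fixed-size interface-name field like `ifr_name`; `demo_ifreq`, `set_ifname`, `DEMO_IFNAMSIZ` and the sample name `hdlc0` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the destination is a fixed-size name field, sized like
 * Linux's IFNAMSIZ (16). This struct is a constructed stand-in. */
#define DEMO_IFNAMSIZ 16

struct demo_ifreq {
    char ifr_name[DEMO_IFNAMSIZ];
    int  canary;  /* neighbouring field an unchecked strcpy would overwrite */
};

/* Copy a user-supplied interface name into req->ifr_name.
 * Returns 0 on success, -1 if the name is NULL, empty, or does not fit
 * together with its terminating NUL. Over-long names are rejected instead
 * of truncated, so a long argument can never alias a shorter, valid name. */
int set_ifname(struct demo_ifreq *req, const char *name)
{
    size_t len;

    if (req == NULL || name == NULL)
        return -1;

    /* Bounded length scan: never reads past DEMO_IFNAMSIZ bytes. */
    for (len = 0; len < DEMO_IFNAMSIZ && name[len] != '\0'; len++)
        ;
    if (len == 0 || len == DEMO_IFNAMSIZ)
        return -1;

    memcpy(req->ifr_name, name, len + 1);  /* +1 copies the NUL */
    return 0;
}

int main(int argc, char **argv)
{
    struct demo_ifreq req = { {0}, 0x5a5a5a5a };
    const char *name = argc > 1 ? argv[1] : "hdlc0";  /* constructed sample */

    if (set_ifname(&req, name) != 0) {
        fprintf(stderr, "interface name must be 1..%d characters\n",
                DEMO_IFNAMSIZ - 1);
        return 1;
    }
    printf("using interface %s\n", req.ifr_name);
    return 0;
}
```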