Ubuntu
inotify-tools package

[inotify-tools] [CVE-2007-5037] buffer overflow, possible execution of arbitrary code, local vulnerability

Bug #180301 reported by disabled.user on 2008-01-04

258

Affects		Status	Importance	Assigned to	Milestone
	inotify-tools (Debian)	Fix Released	Unknown	debbugs #443913
	inotify-tools (Ubuntu)	Invalid	Undecided	Unassigned

Bug Description

Binary package hint: inotify-tools

References:
DSA-1440-1 (http://www.debian.org/security/2007/dsa-1440)

Quoting:
"It was discovered that a buffer overflow in the filename processing of
the inotify-tools, a command-line interface to inotify, may lead to
the execution of arbitrary code. This only affects the internal
library and none of the frontend tools shipped in Debian."

CVE References

2007-5037

Bug Watch Updater (bug-watch-updater) on 2008-01-05

Changed in inotify-tools:
status:	Unknown → Fix Released

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-04-14:

Fixed in hardy.

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-04-14:

Fixed in Gutsy too.

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-04-14:

Package do not exist in Feisty/edgy/dapper and fixed in hardy/gutsy.

Changed in inotify-tools:
status:	New → Invalid

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #443913
[done grave patch security] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntuinotify-tools package

[inotify-tools] [CVE-2007-5037] buffer overflow, possible execution of arbitrary code, local vulnerability

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
inotify-tools package