[SECURITY] Buffer overflow in libgtop2
Bug #79206 reported by Qishuai Liu
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libgtop | Fix Released | High | |
libgtop2 (Ubuntu) | Fix Released | High | Martin Pitt |
Breezy | Fix Released | Undecided | Martin Pitt |
Dapper | Fix Released | Undecided | Martin Pitt |
Edgy | Fix Released | High | Martin Pitt |
Bug Description
Binary package hint: libgtop2-7
Reproducible in edgy and feisty.
$ export filename=
$ cp /bin/sleep $filename
$ ./$filename 100 &
$ gnome-system-
*** stack smashing detected ***: gnome-system-
Aborted
Changed in libgtop2:
status: Unconfirmed → Confirmed
Changed in libgtop2:
importance: Undecided → Medium
Changed in libgtop:
status: Unknown → Fix Released
Changed in libgtop2:
assignee: nobody → pitti
importance: Undecided → High
status: Unconfirmed → In Progress
Changed in libgtop:
importance: Unknown → High
I can't reproduce it on current feisty on AMD64:
$ export filename=$(perl -e " print 's'x1000;") sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssssssss sssssssssss' : File name too long
$ cp /bin/sleep $filename
cp: accessing `ssssssssssssss
The cp only succeeds if filename is at most 255 chars long but then g-s-m doesn't crash.