[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Patch: buffer overflow in info in get_manpage_node()
|
From: |
Patrice Dumas |
|
Subject: |
Re: Patch: buffer overflow in info in get_manpage_node() |
|
Date: |
Sat, 7 Mar 2015 12:02:27 +0100 |
|
User-agent: |
Mutt/1.5.20 (2009-12-10) |
On Fri, Mar 06, 2015 at 08:31:39AM +0000, Gavin Smith wrote:
> Dear James,
>
> Thank you for the report. The last version released was 5.2, but there
> was a similar issue in the most recent version anyway. I've committed
> a change to not use a fixed-length buffer. I don't know why anybody
> would be asking for a manpage with 1000's of bytes in its name, but I
> guess it is useful to be able to ignore these things when looking for
> other flaws.
Also there could be some possible security issues. I ma not really
knowledgable on the subject, but my recalling was that segmentation
faults could potentially be exploited, so if some users are able to
start the info binary with other user rights, and make it segfault,
there could be some possibility of privilege escalation. Of course this
could only happen in specific and probably implausible cases (starting
info through a web server, or an info with setuid bit set...) but who
knows.
--
Pat