Bug#698189: swath: Buffer Overflow with console args is possible.

2013-01-16 Thread Theppitak Karoonboonyanan
On Tue, Jan 15, 2013 at 10:45 PM, Dominik Maier domen...@gmail.com wrote: Only issue I could think of is that it could be used to escalate permissions of an attacker to swath's user's context. Then again, the system already has to be infiltrated to do that... So, it's still possible to

Bug#698189: swath: Buffer Overflow with console args is possible.

2013-01-16 Thread Dominik Maier
You have already fixed it, haven't you? ;) On Wed, Jan 16, 2013 at 3:53 PM, Theppitak Karoonboonyanan t...@linux.thai.net wrote: So, it's still possible to exploit by explicitly invoking swath mule mode in some scripts or so. I think I'll fix this.

Bug#698189: swath: Buffer Overflow with console args is possible.

2013-01-16 Thread Theppitak Karoonboonyanan
On Wed, Jan 16, 2013 at 10:55 PM, Dominik Maier domen...@gmail.com wrote: You have already fixed it, haven't you? ;) I mean, with Debian upload. Regards, -- Theppitak Karoonboonyanan http://linux.thai.net/~thep/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a

Bug#698189: swath: Buffer Overflow with console args is possible.

2013-01-16 Thread Dominik Maier
Yes, you should get the latest Version to the repository. On Wed, Jan 16, 2013 at 4:57 PM, Theppitak Karoonboonyanan t...@linux.thai.net wrote: On Wed, Jan 16, 2013 at 10:55 PM, Dominik Maier domen...@gmail.com wrote: You have already fixed it, haven't you? ;) I mean, with Debian upload.

Bug#698189: swath: Buffer Overflow with console args is possible.

2013-01-16 Thread Theppitak Karoonboonyanan
On Wed, Jan 16, 2013 at 11:00 PM, Dominik Maier domen...@gmail.com wrote: Yes, you should get the latest Version to the repository. No, Wheezy is now frozen. I had better backport the patch. Regards, -- Theppitak Karoonboonyanan http://linux.thai.net/~thep/ -- To UNSUBSCRIBE, email to

Bug#698189: swath: Buffer Overflow with console args is possible.

2013-01-15 Thread Theppitak Karoonboonyanan
On Tue, Jan 15, 2013 at 6:44 AM, Dominik Maier domen...@gmail.com wrote: Buffer overflow because of strcpy with possibility to inject shellcode: swath mule -b [More than 20 to overflow and possibly inject shellcode.] emptyfile proplematic lines are: char stopstr[20]; if (muleMode)

Bug#698189: swath: Buffer Overflow with console args is possible.

2013-01-15 Thread Dominik Maier
Hi, The Argument will most likely not come from untrusted sources, I guess? So it's no severe risk. Only issue I could think of is that it could be used to escalate permissions of an attacker to swath's user's context. Then again, the system already has to be infiltrated to do that... Regards

Bug#698189: swath: Buffer Overflow with console args is possible.

2013-01-14 Thread Dominik Maier
Package: swath Version: 0.4.0-4 Buffer overflow because of strcpy with possibility to inject shellcode: swath mule -b [More than 20 to overflow and possibly inject shellcode.] emptyfile proplematic lines are: char stopstr[20]; if (muleMode) strcpy(stopstr,wbr); Instead, you should