[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2010-10-17 Thread Florian Reinhard
** Changed in: kdesudo Status: Fix Committed => Fix Released -- kdesudo crashed with SIGSEGV in strlen() https://bugs.launchpad.net/bugs/281877 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2009-12-04 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/kdesudo

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2009-08-03 Thread Launchpad Bug Tracker
This bug was fixed in the package kdesudo - 3.4.2-0ubuntu1

---
kdesudo (3.4.2-0ubuntu1) karmic; urgency=low

  [ Anthony Mercatante ]
  * New upstream release:
    - Closes LP: #281877
    - Closes LP: #258799
    - Closes Debian #525292
    - Closes LP: #365956

  [ Florian Reinhard

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2009-06-25 Thread Florian Reinhard
** Changed in: kdesudo Status: New => Fix Committed

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2009-06-23 Thread Kees Cook
The issue isn't if %n works, but if %n is in writable memory:

$ kdesudo echo %x%x%n
*** %n in writable segment detected ***

Test programs to see this need to have writable memory, and be compiled -O2 (the default for kdesudo). It's also unimportant because there are no privileges yet when the

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2009-06-20 Thread tbjablin
I submitted a patch for this bug three months ago, and it continues to affect other users. If someone will add me to the Kubuntu KdeSudo Development Team I will add it myself. Otherwise, could someone else apply my patch? Also, Kees Cook is incorrect about %n, which continues to work for me.

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2009-04-19 Thread Musthafa Meeran
I also got a crash today, when I tried to run a backup utility named 'Back in Time'. I think it looks the same as this bug.

$ kdesudo -v
Qt: 4.4.3
KDE: 4.2.2 (KDE 4.2.2)
KdeSudo: 3.1

Application: KdeSudo (kdesudo), signal SIGSEGV
[Current thread is 0 (LWP 24096)]
Thread 2 (Thread 0xb5098b90 (LWP

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2009-04-09 Thread tbjablin
** Changed in: kdesudo (Ubuntu) Assignee: (unassigned) => Anthony Mercatante (tonio)

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2009-04-09 Thread Brian Murray
** Changed in: kdesudo (Ubuntu) Importance: Low => Medium
** Changed in: kdesudo (Ubuntu) Assignee: Anthony Mercatante (tonio) => (unassigned)

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2009-04-09 Thread Kees Cook
This is certainly a bug, but kdesudo is just a wrapper around sudo. While it does expand the arguments incorrectly, this isn't exploitable short of tricking someone to run kdesudo on a huge weird-looking commandline that would just fail anyway since glibc would block any use of %n. Unflagged as

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2009-03-31 Thread tbjablin
** This bug has been flagged as a security issue

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2009-03-31 Thread tbjablin
** Tags added: patch

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2009-03-29 Thread tbjablin
This is a formatting string vulnerability. It is almost certainly exploitable. I have attached the trivial patch.

** Attachment added: FormatStringVuln.diff http://launchpadlibrarian.net/24493303/FormatStringVuln.diff

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2009-03-08 Thread Peter Poklop
** Also affects: kdesudo Importance: Undecided Status: New

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2009-03-08 Thread Peter Poklop
This bug is easy to reproduce, for example with the command line kdesudo echo %s . As far as I can see the reason is the fprintf statement in KdeSudo::parseOutput which falsely tries to interpret the parameters in the string.
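
Added example, not part of the thread and not kdesudo's code: a C sketch of the bug class described in the message above, where text from the command line reaches a printf-family call as the format argument. The helper names scan_format and render_line are hypothetical; the two sample strings are the arguments quoted in this thread.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples: the arguments quoted in the thread's two commands. */
static const char *SAMPLE_READ  = "%s";
static const char *SAMPLE_WRITE = "%x%x%n";

/* Count the conversion directives printf would act on if `s` were used as
 * the format string; *writes receives how many of them are %n (a store).
 * Each directive consumes an argument the caller never supplied. */
static int scan_format(const char *s, int *writes)
{
    int directives = 0;
    *writes = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;                                 /* step past '%' */
        if (*s == '%') { s++; continue; }    /* "%%" is a literal percent */
        s += strspn(s, "0123456789$#-+ '.*hlLqjzt"); /* flags/width/length */
        if (*s == '\0') break;               /* dangling '%' at end */
        directives++;
        if (*s == 'n') (*writes)++;
        s++;
    }
    return directives;
}

/* Hardened form: the untrusted text is passed as DATA for a constant "%s"
 * format. The reported pattern was the equivalent of
 *     fprintf(stderr, line);    <- `line` interpreted as the format
 * which is why it is shown here only as a comment. */
static int render_line(char *dst, size_t cap, const char *line)
{
    return snprintf(dst, cap, "%s", line);
}

int main(void)
{
    char buf[64];
    int writes = 0;
    int n = scan_format(SAMPLE_WRITE, &writes);
    printf("directives=%d, %%n stores=%d\n", n, writes);
    render_line(buf, sizeof buf, SAMPLE_WRITE);
    printf("printed verbatim: %s\n", buf);
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC flag calls whose format argument is not a string literal, which is the pattern described above.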

[Bug 281877] Re: kdesudo crashed with SIGSEGV in strlen()

2008-10-31 Thread Jonathan Thomas
** Visibility changed to: Public