CVE-2012-3368
Published: 3 July 2012
Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.
Priority
Status
Package | Release | Status |
---|---|---|
dtach Launchpad, Ubuntu, Debian | hardy | Ignored (end of life) |
 | lucid | Released (0.8-2ubuntu0.10.04.1) |
 | natty | Ignored (end of life) |
 | oneiric | Released (0.8-2ubuntu0.11.10.1) |
 | precise | Released (0.8-2ubuntu0.12.04.1) |
 | quantal | Not vulnerable (0.8-2.1) |
 | upstream | Released (0.8-2.1) |

Patches: upstream: http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
References
Bugs
- http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302
- https://bugzilla.redhat.com/show_bug.cgi?id=812551
- https://bugzilla.redhat.com/show_bug.cgi?id=835849
- https://bugs.launchpad.net/ubuntu/+source/dtach/+bug/1088355