CVE-2012-3368

Published: 3 July 2012

Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.

Priority

Status

Package	Release	Status
dtach Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Released (0.8-2ubuntu0.10.04.1)
	natty	Ignored (end of life)
	oneiric	Released (0.8-2ubuntu0.11.10.1)
	precise	Released (0.8-2ubuntu0.12.04.1)
	quantal	Not vulnerable (0.8-2.1)
	upstream	Released (0.8-2.1)
	Patches: upstream: http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812

References

https://www.cve.org/CVERecord?id=CVE-2012-3368
NVD
Launchpad
Debian

Bugs

http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302
https://bugzilla.redhat.com/show_bug.cgi?id=812551
https://bugzilla.redhat.com/show_bug.cgi?id=835849
https://bugs.launchpad.net/ubuntu/+source/dtach/+bug/1088355

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›