[CVE-2008-5076] htop does not filter non-printable characters in process names
Bug #299627 reported by David Futcher
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
htop | Unknown | Unknown | |
htop (Debian) | Fix Released | Unknown | |
htop (Fedora) | Fix Released | Medium | |
htop (Ubuntu) | Fix Released | Undecided | Unassigned |
Dapper | Won't Fix | Undecided | Unassigned |
Hardy | Fix Released | Undecided | Unassigned |
Intrepid | Fix Released | Undecided | Unassigned |
Jaunty | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: htop
Htop writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."
CVE References
Changed in htop:
assignee: nobody → bobbo
status: New → In Progress
Changed in htop:
status: Unknown → Confirmed
Changed in htop:
assignee: bobbo → nobody
status: In Progress → Confirmed
Changed in htop:
status: Unknown → Fix Released
Changed in htop (Ubuntu Jaunty):
status: Confirmed → Fix Released
Changed in htop (Ubuntu Intrepid):
assignee: nobody → andreas-wenning
status: New → In Progress
Changed in htop (Ubuntu Hardy):
assignee: nobody → andreas-wenning
status: New → In Progress
Changed in htop (Ubuntu Dapper):
status: New → Confirmed
Changed in htop (Fedora):
importance: Unknown → Medium
status: Confirmed → Fix Released
htop 0.7 writes process names to a terminal without sanitizing
non-printable characters, which might allow local users to hide processes,
modify arbitrary files, or have unspecified other impact via a process name
with "crazy control strings."
http://www.openwall.com/lists/oss-security/2008/11/02/1
http://www.openwall.com/lists/oss-security/2008/11/14/3
http://bugs.debian.org/504144
http://xforce.iss.net/xforce/xfdb/46321
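The sanitizing step this report says is missing, sketched as an added example (not code from the bug report and not htop's actual patch). The function name `sanitize_cmdline` is hypothetical, the input is assumed to be a raw NUL-separated `/proc/<pid>/cmdline` buffer, and the sample bytes are constructed; it assumes an ASCII-only display, so valid UTF-8 bytes are replaced as well.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy a raw cmdline buffer into out as display-safe text.
 * NUL argument separators become spaces; every other byte outside
 * printable ASCII (0x20-0x7e) becomes '?'. That covers ESC (0x1b) and
 * the other C0 controls, DEL, and 8-bit C1 controls such as CSI (0x9b).
 * Returns the number of bytes replaced with '?'. out is always
 * NUL-terminated when outsz > 0; overlong input is truncated. */
size_t sanitize_cmdline(const unsigned char *in, size_t len,
                        char *out, size_t outsz)
{
    size_t replaced = 0, o = 0;

    if (outsz == 0)
        return 0;
    /* Trailing NULs only terminate the last argument; do not render them. */
    while (len > 0 && in[len - 1] == '\0')
        len--;
    for (size_t i = 0; i < len && o + 1 < outsz; i++) {
        unsigned char c = in[i];
        if (c == '\0') {
            out[o++] = ' ';
        } else if (c >= 0x20 && c <= 0x7e) {
            out[o++] = (char)c;
        } else {
            out[o++] = '?';
            replaced++;
        }
    }
    out[o] = '\0';
    return replaced;
}

int main(void)
{
    /* Constructed sample: argv[0] carries an escape sequence and a BEL. */
    static const unsigned char raw[] = "sleep\x1b[2K\a\0" "60";
    char shown[64];
    size_t n = sanitize_cmdline(raw, sizeof raw, shown, sizeof shown);

    printf("%s (%zu bytes replaced)\n", shown, n);
    return 0;
}
```

A non-zero return value is also worth logging or flagging in the display, since ordinary process names rarely contain control bytes.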