htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."
http://www.openwall.com/lists/oss-security/2008/11/02/1 http://www.openwall.com/lists/oss-security/2008/11/14/3 http://bugs.debian.org/504144 http://xforce.iss.net/xforce/xfdb/46321
htop 0.7 writes process names to a terminal without sanitizing
non-printable characters, which might allow local users to hide processes,
modify arbitrary files, or have unspecified other impact via a process name
with "crazy control strings."
http:// www.openwall. com/lists/ oss-security/ 2008/11/ 02/1 www.openwall. com/lists/ oss-security/ 2008/11/ 14/3 bugs.debian. org/504144 xforce. iss.net/ xforce/ xfdb/46321
http://
http://
http://