Info

Last Modified

over 2 years ago

Percent Complete

Disclosure

Jan 14, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 5% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Description

(Description Provided by CVE) : Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor.

Classification

Attack Type: Input Manipulation

Products

Unknown or Incomplete

References

CVE ID: 2007-0235 (see also: NVD)
Bugtraq ID: 22054
Secunia Advisory ID: 23736 23777 23777 23814 23814 23840 23840 23872 23872 24015 26367
ISS X-Force ID: 31522
VUPEN Advisory: ADV-2007-0185 ADV-2007-0187
Other Advisory URL: http://bugzilla.gnome.org/show_bug.cgi?id=396477
http://www.debian.org/security/2007/dsa-1255
http://www.gentoo.org/security/en/glsa/glsa-200701-17.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:023
http://www.ubuntu.com/usn/usn-407-1
https://issues.rpath.com/browse/RPL-972
Vendor Specific News/Changelog Entry: http://bugzilla.gnome.org/show_bug.cgi?id=396477
http://ftp.gnome.org/pub/gnome/sources/libgtop/2.14/libgtop-2.14.6.news
https://issues.rpath.com/browse/RPL-972
Vendor Specific Solution URL: http://security.gentoo.org/glsa/glsa-200701-17.xml
Vendor Specific Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:023
http://www.ubuntu.com/usn/usn-407-1
Generic Informational URL: https://launchpad.net/bugs/79206
RedHat RHSA: RHSA-2007:0765

Tools & Filters

	24253 24294 24638 25863 25877 27325 29502

Credit

Unknown or Incomplete

CVSSv2 Score

CVSSv2 Base Score = 3.7
Source: nvd.nist.gov | Generated: 2007-01-16 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.