CVE-2017-9430 on Dnstracer 1.9
Bug #1734279 reported by
Jon Larrea
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| dnstracer (Ubuntu) |
Triaged
|
Low
|
Unassigned | ||
Bug Description
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to execute arbitrary code via a command line with a long name argument that is mishandled in a strcpy call for argv[0].
Vulnerability: http://
Fix: https:/
CVE References
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #1 |
| information type: | Private Security → Public Security |
| Changed in dnstracer (Ubuntu): | |
| status: | New → Confirmed |
| Changed in dnstracer (Ubuntu): | |
| importance: | Undecided → Low |
| status: | Confirmed → Triaged |
To post a comment you must log in.
Hello Jon,
We prioritized this as vulnerability as a 'low'[0] issue, so we're unlikely to issue an update for this issue until either more issues in dnstracer are discovered or perhaps if someone prepares an update that we can sponsor.
Do you rely upon calling this tool in an unsafe manner in one of your tools? Or, does one of our tools in main call this tool in an unsafe manner?
Thanks
0: https:/