Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libast | Libast | 0.4 (including) | 0.4 (including) |
| Libast | Libast | 0.5 (including) | 0.5 (including) |
| Libast | Libast | 0.6 (including) | 0.6 (including) |
| Libast | Libast | 0.6.1 (including) | 0.6.1 (including) |
| Libast | Ubuntu | dapper | * |
| Libast | Ubuntu | devel | * |
| Libast | Ubuntu | edgy | * |
| Libast | Ubuntu | feisty | * |
References
- http://freshmeat.net/projects/libast/?branch_id=17907\u0026release_id=217840
- http://secunia.com/advisories/18586
- http://secunia.com/advisories/18632
- http://secunia.com/advisories/18916
- http://securityreason.com/securityalert/373
- http://www.debian.org/security/2006/dsa-976
- http://www.gentoo.org/security/en/glsa/glsa-200601-14.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:029
- http://www.osvdb.org/22735
- http://www.rosiello.org/en/read_bugs.php?id=25
- http://www.securityfocus.com/archive/1/423088/100/0/threaded
- http://www.securityfocus.com/archive/1/423207/100/0/threaded
- http://www.securityfocus.com/archive/1/423366/100/0/threaded
- http://www.securityfocus.com/bid/16350
- http://www.vupen.com/english/advisories/2006/0314
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24303
- http://freshmeat.net/projects/libast/?branch_id=17907\u0026release_id=217840
- http://secunia.com/advisories/18586
- http://secunia.com/advisories/18632
- http://secunia.com/advisories/18916
- http://securityreason.com/securityalert/373
- http://www.debian.org/security/2006/dsa-976
- http://www.gentoo.org/security/en/glsa/glsa-200601-14.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:029
- http://www.osvdb.org/22735
- http://www.rosiello.org/en/read_bugs.php?id=25
- http://www.securityfocus.com/archive/1/423088/100/0/threaded
- http://www.securityfocus.com/archive/1/423207/100/0/threaded
- http://www.securityfocus.com/archive/1/423366/100/0/threaded
- http://www.securityfocus.com/bid/16350
- http://www.vupen.com/english/advisories/2006/0314
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24303