oss-sec mailing list archives
Re: plone, rrdtool, zenoss bugs
From: Henri Salo <henri () nerv fi>
Date: Sun, 19 May 2013 13:06:49 +0300
On Thu, Apr 18, 2013 at 02:05:42PM +0200, Thomas Pollet wrote:
> Also, the rrdtool python module crashes on format string exploit
>
> $ python -c "import rrdtool
> rrdtool.graph('/tmp/out.png','-f','%n%n')"
> Segmentation fault
>
> this module is used by zenoss to create graphs (zenoss users are able to pass
> arguments to rrdtool).

Tested Debian wheezy packages:
python-rrdtool 1.4.7-2
python2.7 2.7.3-6

Backtrace attached. Might affect other software too. Debian bug:
http://bugs.debian.org/708866

---
Henri Salo

Attachment: python-rrdtool-bt.txt
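
A defensive check for applications that, like the Zenoss case described in this message, forward user-supplied arguments to rrdtool.graph. This is an added example, not code from the thread, rrdtool or Zenoss; it assumes the rrdgraph-documented behaviour that -f/--imginfo is a printf format called with filename, xsize and ysize, and that options are parsed getopt_long style. The function names are hypothetical.

```python
import re

# Assumption (from the rrdgraph documentation): the -f/--imginfo value is a
# printf format that receives exactly filename (%s), xsize (%lu), ysize (%lu).
EXPECTED = ["s", "lu", "lu"]
# One printf directive: flags, width, precision, length modifier, conversion.
DIRECTIVE = re.compile(
    r"%([-+ #0]*)(\*|\d+)?(?:\.(\*|\d*))?(hh|h|ll|l|j|z|t|L|q)?(.)?", re.S)


def imginfo_format_is_safe(fmt):
    """True if fmt only consumes filename, xsize, ysize, in order and by type."""
    used, pos = 0, fmt.find("%")
    while pos != -1:
        m = DIRECTIVE.match(fmt, pos)
        flags, width, prec, length, conv = m.groups()
        if conv == "%" and not (flags or width or prec or length):
            pass                                   # literal "%%"
        else:
            if conv is None or "*" in (width, prec):
                return False                       # dangling % or stack-supplied width
            if used >= len(EXPECTED) or (length or "") + conv != EXPECTED[used]:
                return False                       # %n, extra or mistyped conversion
            used += 1
        pos = fmt.find("%", m.end())
    return True


def check_graph_args(args):
    """Return args unchanged, or raise ValueError on an unsafe imginfo format."""
    args = list(args)
    for i, arg in enumerate(args):
        name, eq, value = arg.partition("=")
        fmt = None
        # Assumption: getopt_long parsing, so "--img..." prefixes of --imginfo
        # and the attached short form "-f<fmt>" are treated as imginfo too.
        if arg == "-f" or (len(name) > 2 and "--imginfo".startswith(name)):
            fmt = value if eq else (args[i + 1] if i + 1 < len(args) else "")
        elif arg.startswith("-f") and not arg.startswith("--"):
            fmt = arg[2:]
        if fmt is not None and not imginfo_format_is_safe(fmt):
            raise ValueError("unsafe --imginfo format: %r" % fmt)
    return args
```

Call check_graph_args on the argument list before handing it to rrdtool.graph; dropping -f/--imginfo from user input entirely is the stricter alternative when the application does not need it.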