|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2005-2627: kismet: heap overflow leads to possible code execution | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Thomas Biege <thomas> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | patch-request, security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | All | ||
| URL: | http://www.gentoo.org/security/en/glsa/glsa-200508-10.xml | ||
| Whiteboard: | CVE-2005-2627: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | ||
| Found By: | Other | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Thomas Biege
2005-08-22 12:20:36 UTC
CAN-2005-2626: attack via unprintable chars in SSID CAN-2005-2627: integer overflows lead to heap overflow SM-Tracker-2103 The author says he still doesn't know all the details, should we wait or go with the update? In this situation it would meant update for all dists I'm afraid. Thomas, what do you suggest? The package is not worth the work of extracting a patch I think, so let's just do a version upgrade. aj? Go ahead. fixes submited SM-Tracker-2160 /work/src/done/PATCHINFO/kismet.patch.box packages released closing... CVE-2005-2627: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) |