First published: Wed Jun 27 2012
A memory disclosure flaw, exposing a portion of memory (random stack data), was found in the way dtach, a simple program emulating the detach feature of screen, performed client connection termination under certain circumstances. A remote attacker could use this flaw to potentially obtain sensitive information by issuing a specially crafted dtach client connection close request.

Upstream ticket:
[1] http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357

Preliminary proposed patch:
[2] http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812

References:
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302
[4] https://bugzilla.redhat.com/show_bug.cgi?id=812551 (CLOSED DUPLICATE - [PATCH] Bad behavior on disconnect)
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Dtach | =0.8 | |