CVE-2004-0172 ltrace

Metadata

high
7.2
ltrace
CVE-2004-0172
2017-06-18 07:04
2017-06-16 18:43
2017-04-01 19:11
2017-01-05 20:16

Description

Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

None

Unaffected

Release Package Reason
stretch ltrace
jessie ltrace
buster ltrace
wheezy ltrace
sid ltrace