March 7, 2001

Advisory for analog

Author: JT Smith

Posted at "The author of analog, Stephen Turner, has found a buffer overflow bug
in all versions of analog except version 4.16. A malicious user
could use an ALIAS command to construct very long strings which were
not checked for length and boundaries. This bug is particularly
dangerous if the form interface (which allows unknown users to run the
program via a CGI script) has been installed. There doesn't seem to
be a known exploit."


