Author: JT Smith
Posted at LinuxSecurity.com: “Tkined’s Scotty is a Tcl extension to build network management
applications.
Ntping, a ping/traceroute program, is part of the Scotty package.
It’s failure is to read a hostname as commandline option without checking
the size.
This leads to a bufferoverrun, that could be used to gain root privileges,
because ntping is installed setuid root and is executeable by everyone.”
applications.
Ntping, a ping/traceroute program, is part of the Scotty package.
It’s failure is to read a hostname as commandline option without checking
the size.
This leads to a bufferoverrun, that could be used to gain root privileges,
because ntping is installed setuid root and is executeable by everyone.”
Category:
- Linux
