Vulnerabilities > CVE-2004-0172 - Local Command Line Parameter Heap Overflow vulnerability in Juan Cespedes Ltrace 0.3.10

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

juan-cespedes

NVD

Published: 2004-03-15

Updated: 2017-07-11

Summary

Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed.

Vulnerable Configurations

Part	Description	Count
Application	Juan_Cespedes Juan Cespedes Ltrace 0.3.10	1

References

http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011600.html
http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011610.html
http://securitytracker.com/id?1007896
http://www.securityfocus.com/bid/8790
https://exchange.xforce.ibmcloud.com/vulnerabilities/13389