Package name
libgtop
Date
2001-12-19
Advisory ID
MDKSA-2001:094
Affected versions
8.1 i586, CS1.0 i586, 8.1 i586, 8.0 i586, 8.0 i586, 7.1 i586, 7.2 i586

Problem description

A remote format string vulnerability was found in the libgtop daemon by Laboratory intexxia. By sending a specially crafted format string to the server, a remote attacker could potentially execute arbitrary code on the remote system with the daemon's permissions. By default libgtop runs as the user nobody, but the flaw could be used to compromise local system security by allowing the attacker to exploit other local vulnerabilities. A buffer overflow was also found by Flavio Veloso which could allow the client to execute code on the server. Both vulnerabilities are patched in this update and will be fixed upstream in version 1.0.14. libgtop_daemon is not invoked by default anywhere in Mandrake Linux.

Updated packages

8.1 i586

31f68bbde5ead6d8262c5b5cfb056918  ia64/8.1/RPMS/libgtop1-1.0.12-4.1mdk.ia64.rpm
c454857c349043d5f20b7b34d61fe1b2  ia64/8.1/RPMS/libgtop1-devel-1.0.12-4.1mdk.ia64.rpm
ae5c879fd1557cf964c4da572597ee94  ia64/8.1/SRPMS/libgtop-1.0.12-4.1mdk.src.rpm

CS1.0 i586

4460a5e35ae7d547298577edeff6f599  1.0.1/RPMS/libgtop-1.0.7-0.2mdk.i586.rpm
f9475e8907edcc20aade65e50829f609  1.0.1/RPMS/libgtop-devel-1.0.7-0.2mdk.i586.rpm
597321a95fbf7bc1e23510f478fb78e5  1.0.1/SRPMS/libgtop-1.0.7-0.2mdk.src.rpm

8.1 i586

20b663d5dd475a7fdc3a538f1a2a3eef  8.1/RPMS/libgtop1-1.0.12-4.1mdk.i586.rpm
0bcd19f280c7723e098918bbc68f52af  8.1/RPMS/libgtop1-devel-1.0.12-4.1mdk.i586.rpm
ae5c879fd1557cf964c4da572597ee94  8.1/SRPMS/libgtop-1.0.12-4.1mdk.src.rpm

8.0 i586

2a063541aa9f9a100dd4c65b732224fd  8.0/RPMS/libgtop1-1.0.12-4.1mdk.i586.rpm
fb4cfb4b72e16121a6dab24e093b1de3  8.0/RPMS/libgtop1-devel-1.0.12-4.1mdk.i586.rpm
ae5c879fd1557cf964c4da572597ee94  8.0/SRPMS/libgtop-1.0.12-4.1mdk.src.rpm

8.0 i586

8e1dbba939c6281e22f57056dea4bb21  ppc/8.0/RPMS/libgtop1-1.0.12-4.1mdk.ppc.rpm
573688a8cdb56d2f07b8fc014784d036  ppc/8.0/RPMS/libgtop1-devel-1.0.12-4.1mdk.ppc.rpm
ae5c879fd1557cf964c4da572597ee94  ppc/8.0/SRPMS/libgtop-1.0.12-4.1mdk.src.rpm

7.1 i586

4460a5e35ae7d547298577edeff6f599  7.1/RPMS/libgtop-1.0.7-0.2mdk.i586.rpm
f9475e8907edcc20aade65e50829f609  7.1/RPMS/libgtop-devel-1.0.7-0.2mdk.i586.rpm
597321a95fbf7bc1e23510f478fb78e5  7.1/SRPMS/libgtop-1.0.7-0.2mdk.src.rpm

7.2 i586

a7884a2c6af568510428aa02a354a30c  7.2/RPMS/libgtop-1.0.9-5.1mdk.i586.rpm
00d86824f66784890e348752144a476f  7.2/RPMS/libgtop-devel-1.0.9-5.1mdk.i586.rpm
6515e7d2a32b750062833cb59dbc64e7  7.2/SRPMS/libgtop-1.0.9-5.1mdk.src.rpm
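
Added example (not part of the Mandrake advisory): a Python check that downloaded RPMs match the MD5 sums listed above for one release. The function names, the script usage and the selection by release path prefix are assumptions of this example; an MD5 match shows only that the file is the one the advisory lists and does not replace checking the package signature.

```python
import hashlib
import re
import sys
from pathlib import Path

# Entries copied from the advisory's list. The 8.0 and 8.1 builds share a file
# name but have different sums, so entries are selected by release prefix.
ADVISORY_LIST = """\
20b663d5dd475a7fdc3a538f1a2a3eef  8.1/RPMS/libgtop1-1.0.12-4.1mdk.i586.rpm
0bcd19f280c7723e098918bbc68f52af  8.1/RPMS/libgtop1-devel-1.0.12-4.1mdk.i586.rpm
2a063541aa9f9a100dd4c65b732224fd  8.0/RPMS/libgtop1-1.0.12-4.1mdk.i586.rpm
fb4cfb4b72e16121a6dab24e093b1de3  8.0/RPMS/libgtop1-devel-1.0.12-4.1mdk.i586.rpm
"""

# "<32 hex digits>  <path ending in .rpm>", tolerating stray leading spaces.
ENTRY = re.compile(r"^\s*([0-9a-fA-F]{32})\s+(\S+\.rpm)\s*$")


def parse_advisory(text, release):
    """Return {rpm file name: expected MD5} for paths under '<release>/'."""
    prefix = release.strip("/") + "/"
    expected = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m and m.group(2).startswith(prefix):
            expected[Path(m.group(2)).name] = m.group(1).lower()
    return expected


def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so large RPMs are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_dir(directory, expected):
    """Classify each listed package as 'ok', 'mismatch' or 'missing'."""
    results = {}
    for name, digest in expected.items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_of(path) == digest else "mismatch"
    return results


if __name__ == "__main__":  # usage: script.py <release> <download dir>
    wanted = parse_advisory(ADVISORY_LIST, sys.argv[1])
    for name, status in verify_dir(sys.argv[2], wanted).items():
        print(f"{status:8}  {name}")
```
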
