CVE-2004-0172 Information

Description

Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10 if it is installed setuid could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program so this candidate might be REJECTed.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011600.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011610.html http://securitytracker.com/id?1007896 http://www.securityfocus.com/bid/8790 https://exchange.xforce.ibmcloud.com/vulnerabilities/13389