CVE-2011-2903 Information

Description

Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. NOTE: this is only a vulnerability in limited scenarios in which tcptrack is \configured as a handler for other applications.\ This issue might not qualify for inclusion in CVE.

Reference

http://seclists.org/oss-sec/2011/q3/293 http://www.openwall.com/lists/oss-security/2011/08/31/1 http://www.rhythm.cx/~steve/devel/tcptrack/ http://www.securityfocus.com/bid/49352 https://bugs.gentoo.org/show_bug.cgi?id=377917 https://bugzilla.redhat.com/show_bug.cgi?id=729096 https://exchange.xforce.ibmcloud.com/vulnerabilities/69467