• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: GNOME libgtop_daemon Remote Buffer Overflow Vulnerability

Severity: HIGH

Description:

The GNOME libgtop_daemon is used to monitor processes running on a remote system.

Under some conditions, when a remote connection fails, user supplied input is used as within a log message. As part of this operation, the input is copied from a buffer in an unsafe manner. This will overwrite part of the stack, possibly leading to remote code execution as the libgtop_daemon user.

While the daemon will normally execute as the nobody user, successful exploitation of this vulnerability may lead to a local shell. From a local viewpoint, elevated privileges may be easier to obtain.

Older versions of libgtop_daemon may share this vulnerability.

Affected Products:

• Conectiva Linux 5.0.0
• Conectiva Linux 5.1.0
• Conectiva Linux 6.0.0
• Conectiva Linux 7.0.0
• Conectiva Linux ecommerce
• Conectiva Linux graficas
• Debian Linux 2.2.0
• Debian Linux 2.2.0 68k
• Debian Linux 2.2.0 IA-32
• Debian Linux 2.2.0 alpha
• Debian Linux 2.2.0 arm
• Debian Linux 2.2.0 powerpc
• Debian Linux 2.2.0 sparc
• Debian Linux 3.0.0
• Debian Linux 3.0.0 alpha
• Debian Linux 3.0.0 arm
• Debian Linux 3.0.0 hppa
• Debian Linux 3.0.0 ia-32
• Debian Linux 3.0.0 ia-64
• Debian Linux 3.0.0 m68k
• Debian Linux 3.0.0 mips
• Debian Linux 3.0.0 mipsel
• Debian Linux 3.0.0 ppc
• Debian Linux 3.0.0 s/390
• Debian Linux 3.0.0 sparc
• GNOME libgtop_daemon 1.0.12
• GNOME libgtop_daemon 1.0.13
• GNOME libgtop_daemon 1.0.6
• GNOME libgtop_daemon 1.0.7
• GNOME libgtop_daemon 1.0.9
• MandrakeSoft Corporate Server 1.0.1
• MandrakeSoft Linux Mandrake 7.1.0
• MandrakeSoft Linux Mandrake 7.2.0
• MandrakeSoft Linux Mandrake 8.0.0
• MandrakeSoft Linux Mandrake 8.0.0 ppc
• MandrakeSoft Linux Mandrake 8.1.0
• MandrakeSoft Linux Mandrake 8.1.0 ia64

References:

• Home-Of-Linux.org: LibGTop

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.