APP: LibGTop Format String Attack
This signature detects attempts to exploit a known vulnerability in libgtop. An attacker can send a malformed request that may allow them to take control of the server with the privileges of the libgtop process.
Extended Description
The GNOME libgtop_daemon is used to monitor processes on a remote Linux system running GNOME. Under some conditions, when a remote connection fails, user-supplied input is used as the format string of a log message. A malicious user may construct a string that includes format modifiers, causing stack information to be written to the log file and possibly leading to remote execution of arbitrary code. Older versions of libgtop_daemon may share this vulnerability.
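The logging flaw described above, as an added C example (not libgtop_daemon's code): the unsafe call pattern appears only in a comment, next to a hardened logger that passes peer data as a %s argument. The function names, the message text and the directive counter are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical log sink: formats into a buffer (a daemon would call syslog).
 * The format attribute lets GCC/Clang flag non-literal formats
 * under -Wformat-security. */
__attribute__((format(printf, 3, 4)))
static int log_line(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* VULNERABLE pattern, shown only as a comment: the peer's bytes are the
 * format string, so directives in them are interpreted.
 *     log_line(out, cap, peer_msg);
 */

/* Hardened: constant format string; peer data is only ever a %s argument. */
int log_conn_failure(char *out, size_t cap, const char *peer_msg)
{
    return log_line(out, cap, "connection failed: %s", peer_msg);
}

/* Defensive check: count printf-style directives in untrusted input.
 * A literal "%%" and a trailing lone '%' are not counted. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') count++;
    }
    return count;
}

int main(void)
{
    const char *peer_msg = "%x%x%n";   /* constructed sample input */
    char line[128];
    log_conn_failure(line, sizeof line, peer_msg);
    printf("%s (directives: %d)\n", line, count_format_directives(peer_msg));
    return 0;
}
```

With the constant format string, the directives in the peer's message are copied into the log line as plain text rather than interpreted.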
Affected Products
Gnome libgtop_daemon
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Gnome
7.5