Tkined’s Scotty is a Tcl extension to build network management applications. Ntping, a ping/traceroute program, is part of the Scotty package. It’s failure is to read a hostname as commandline option without checking the size. This leads to a bufferoverrun, that could be used to gain root privileges, because ntping is installed setuid root and is executeable by everyone.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 7.0 | i386 | scotty | < 2.1.10-315 | scotty-2.1.10-315.i386.rpm |
openSUSE | 7.0 | ppc | scotty | < 2.1.10-274 | scotty-2.1.10-274.ppc.rpm |
openSUSE | 7.0 | alpha | scotty | < 2.1.10-273 | scotty-2.1.10-273.alpha.rpm |
openSUSE | 7.0 | sparc | scotty | < 2.1.10-268 | scotty-2.1.10-268.sparc.rpm |
openSUSE | 6.4 | alpha | scotty | < 2.1.10-272 | scotty-2.1.10-272.alpha.rpm |
openSUSE | 6.4 | i386 | scotty | < 2.1.10-314 | scotty-2.1.10-314.i386.rpm |
openSUSE | 6.3 | i386 | scotty | < 2.1.10-314 | scotty-2.1.10-314.i386.rpm |
openSUSE | 6.3 | alpha | scotty | < 2.1.10-274 | scotty-2.1.10-274.alpha.rpm |