Package: radvd / 1:1.9.1-1.3
Metadata
Package | Version | Patches format |
---|---|---|
radvd | 1:1.9.1-1.3 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
0001 set_interface_var doesn t check interface name and b.patch | device-linux.c: 4 (4 + 0 - 0 !) | [patch] set_interface_var() doesn't check interface name and blindly does fopen(path "/" ifname, "w") on it. As "ifname" is an untrusted input, it should be checked for ".." and/or "/" in it. Otherwise, an infected unprivileged daemon may overwrite contents of file named "mtu", "hoplimit", etc. in arbitrary location with arbitrary 32-bit value in decimal representation ("%d"). If an attacker has a local account or may create arbitrary symlinks with these names in any location (e.g. /tmp), any file may be overwritten with a decimal value. |
0006 removing mdelay in unicast only case.patch | process.c: 3 (2 + 1 - 0 !) | [patch] removing mdelay in unicast only case |
0007 checking iface name more carefully.patch | device-linux.c: 2 (1 + 1 - 0 !) | [patch] checking iface name more carefully modified: device-linux.c |
kfreebsd.patch | configure.ac: 6 (6 + 0 - 0 !) | --- |