Juniper Networks

Signature Detail

Short Name: APP:LIBGTOP-FMT-STR
Severity: High
Recommended: No
Recommended Action: Drop
Category: APP
Keywords: LibGTop Format String Attack
Release Date: 2005/03/30
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: LibGTop Format String Attack

This signature detects attempts to exploit a known vulnerability in libgtop. An attacker can send a malformed request that may allow them to take control of the server with the privileges of the libgtop process.

Extended Description

The GNOME libgtop_daemon is used to monitor processes on a remote Linux system running GNOME. Under some conditions, when a remote connection fails, user-supplied input is used as the format string of a log message. A malicious user may construct a string that includes format modifiers, causing stack information to be written to the log file and possibly leading to remote execution of arbitrary code. Older versions of libgtop_daemon may share this vulnerability.
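The bug class described above, shown from the defender's side as an added example (not libgtop_daemon source and not the logic of this signature): a log routine that keeps the format string constant, and a check that counts printf directives in untrusted text so the log path can flag it. The names `log_conn_failure` and `count_directives` and the message wording are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a daemon's log routine (assumption, not the
 * project's code). The vulnerable pattern the description refers to is
 * passing peer text AS the format:
 *     snprintf(out, outsz, peer_msg);
 * Hardened form: the format is a constant and the peer text is only ever
 * an argument, so "%x" or "%n" in it is copied literally. */
int log_conn_failure(char *out, size_t outsz, const char *peer_msg)
{
    return snprintf(out, outsz, "connection failed: %s", peer_msg);
}

/* Count printf conversion directives in untrusted text. "%%" is a literal
 * percent and is not counted. *has_n (optional) is set to 1 when a %n
 * write directive is present. */
int count_directives(const char *s, int *has_n)
{
    int count = 0;

    if (has_n)
        *has_n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                       /* escaped percent */
        /* skip flags, width, precision, positional '$', length modifiers */
        while (*p && strchr("-+ #0123456789.*$hlLqjzt", *p))
            p++;
        if (*p == '\0')
            break;                          /* dangling '%' at end of input */
        if (strchr("diouxXeEfFgGaAcspn", *p)) {
            count++;
            if (*p == 'n' && has_n)
                *has_n = 1;
        }
    }
    return count;
}
```

A non-zero count in a field that should hold a host name or status text is worth alerting on even when the logging call itself is already hardened.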

Affected Products

  • GNOME libgtop_daemon 1.0.12
  • GNOME libgtop_daemon 1.0.6
  • GNOME libgtop_daemon 1.0.7
  • GNOME libgtop_daemon 1.0.9

References

  • BugTraq: 3586
  • CVE: CVE-2001-0927
  • URL: http://directory.fsf.org/libs/LibGTop.html
  • URL: http://archives.neohapsis.com/archives/bugtraq/2001-11/0218.html
  • URL: http://www.debian.org/security/2002/dsa-098

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.