[Bug 34129] gaim executable stack (security best-practice failure)
John Moser
nigelenki at comcast.net
Wed Mar 8 20:39:09 UTC 2006
Public bug reported:
https://launchpad.net/malone/bugs/34129
Affects: gaim (Ubuntu)
Severity: Normal
Priority: (none set)
Status: Unconfirmed
Description:
lsmemmap.sh shows gaim has an executable stack on x86-64. This is a
security best-practice failure: a stack-based buffer overflow in gaim
will easily open up attacks via sending deformed instant messages which
would otherwise be confined to denial of service attacks.
task 5173 (/usr/bin/gaim)
7fffffe03000-7fffffe18000 rwxp 7fffffe03000 00:00 0 [stack]
Please note that this is not a security vulnerability; it is a failure to execute security best practices. By correcting this, certain real vulnerabilities will become difficult or impossible to exploit beyond basic denial of service.
The most likely cause of this is the use of gcc nested functions in gaim
or a gaim plug-in.
More information about the desktop-bugs
mailing list