Public bug reported:
https://launchpad.net/malone/bugs/34129
Affects: gaim (Ubuntu)
Severity: Normal
Priority: (none set)
Status: Unconfirmed
Description:
lsmemmap.sh shows gaim has an executable stack on x86-64. This is a
security best-practice failure: a stack-based buffer overflow in gaim
will easily open up attacks via sending deformed instant messages which
would otherwise be confined to denial of service attacks.
task 5173 (/usr/bin/gaim)
7fffffe03000-7fffffe18000 rwxp 7fffffe03000 00:00 0
[stack]
Please note that this is not a security vulnerability; it is a failure to
execute security best practices. By correcting this, certain real
vulnerabilities will become difficult or impossible to exploit beyond basic
denial of service.
The most likely cause of this is the use of gcc nested functions in gaim
or a gaim plug-in.
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
