Multiple Vendor Linux LCDProc Buffer Overflow Vulnerability
A vulnerability exists in the server portion of version 0.4 of the LCDProc package. Several remote buffer overflows exist that could allow a remote attacker to corrupt memory and execute arbitrary code. As listed in the Bugtraq posting revealing this vulnerability, overflows exist at:
parse.c:149: sprintf(errmsg, "huh? Invalid command \"%s\"\n", argv);
screenlist.c:119: sprintf(str, "ignore %s\n", old_s->id);
screenlist.c:134: sprintf(str, "listen %s\n", s->id);
It is possible to exploit these conditions to execute code with the privileges of the user LCDProc is running as.
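The three calls listed above all format a client-supplied string into a fixed-size buffer with an unbounded sprintf. The following is an added example, not LCDProc code or the project's actual fix: it shows the same three messages built with a length-checked snprintf that rejects oversized input instead of truncating it. The function names and the REPLY_MAX size are assumptions, since the page does not give the buffer sizes.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the advisory does not state how large errmsg/str are. */
#define REPLY_MAX 256

/* Turn an snprintf result into success (bytes written) or -1.
 * On error or truncation the buffer is emptied, so a partial
 * message can never be sent to a client. */
static int checked(char *dst, size_t dstlen, int n)
{
    if (n < 0 || (size_t)n >= dstlen) {
        if (dstlen > 0)
            dst[0] = '\0';
        return -1;
    }
    return n;
}

/* Bounded form of the parse.c pattern: "huh? Invalid command ..." */
static int fmt_invalid_command(char *dst, size_t dstlen, const char *cmd)
{
    if (dst == NULL || cmd == NULL)
        return -1;
    return checked(dst, dstlen,
        snprintf(dst, dstlen, "huh? Invalid command \"%s\"\n", cmd));
}

/* Bounded form of the screenlist.c pattern: "ignore <id>" / "listen <id>" */
static int fmt_screen_msg(char *dst, size_t dstlen, const char *verb, const char *id)
{
    if (dst == NULL || verb == NULL || id == NULL)
        return -1;
    return checked(dst, dstlen, snprintf(dst, dstlen, "%s %s\n", verb, id));
}

int main(void)
{
    char reply[REPLY_MAX];
    char long_id[600];                 /* constructed oversized client input */
    memset(long_id, 'A', sizeof long_id - 1);
    long_id[sizeof long_id - 1] = '\0';

    printf("normal id:    %d\n", fmt_screen_msg(reply, sizeof reply, "listen", "scr1"));
    printf("oversized id: %d\n", fmt_screen_msg(reply, sizeof reply, "ignore", long_id));
    printf("oversized cmd: %d\n", fmt_invalid_command(reply, sizeof reply, long_id));
    return 0;
}
```

A return value of -1 is the point at which a server would drop the request or log it, since an identifier longer than the reply buffer is not something a well-behaved client sends.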