• info
• discussion
• exploit
• solution
• references

GNOME libgtop_daemon Remote Buffer Overflow Vulnerability

Solution:
Debian has released an advisory (DSA 301-1) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Fixes are available:


GNOME libgtop_daemon 1.0.12

• Conectiva 7.0 libgtop-1.0.13-U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgtop-1.0.13-U70_2cl.i3 86.rpm


• Conectiva 7.0 libgtop-devel-1.0.13-U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgtop-devel-1.0.13-U70_ 2cl.i386.rpm


• Conectiva 7.0 libgtop-devel-static-1.0.13-U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgtop-devel-static-1.0. 13-U70_2cl.i386.rpm


• Conectiva 7.0 libgtop-examples-1.0.13-U70_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgtop-examples-1.0.13-U 70_2cl.i386.rpm


• Mandrake 8.0 i586 libgtop1-1.0.12-4.1mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake 8.0 i586 libgtop1-devel-1.0.12-4.1mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake 8.0 ppc libgtop1-1.0.12-4.1mdk.ppc.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake 8.0 ppc libgtop1-devel-1.0.12-4.1mdk.ppc.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake 8.1 i586 libgtop1-1.0.12-4.1mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake 8.1 i586 libgtop1-devel-1.0.12-4.1mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake 8.1 ia64 libgtop1-1.0.12-4.1mdk.ia64.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake 8.1 ia64 libgtop1-devel-1.0.12-4.1mdk.ia64.rpm
  http://www.linux-mandrake.com/en/ftp.php3

GNOME libgtop_daemon 1.0.13

• Debian libgtop-daemon_1.0.13-3.1_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daem on_1.0.13-3.1_alpha.deb


• Debian libgtop-daemon_1.0.13-3.1_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daem on_1.0.13-3.1_arm.deb


• Debian libgtop-daemon_1.0.13-3.1_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daem on_1.0.13-3.1_hppa.deb


• Debian libgtop-daemon_1.0.13-3.1_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daem on_1.0.13-3.1_i386.deb


• Debian libgtop-daemon_1.0.13-3.1_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daem on_1.0.13-3.1_ia64.deb


• Debian libgtop-daemon_1.0.13-3.1_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daem on_1.0.13-3.1_m68k.deb


• Debian libgtop-daemon_1.0.13-3.1_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daem on_1.0.13-3.1_mips.deb


• Debian libgtop-daemon_1.0.13-3.1_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daem on_1.0.13-3.1_mipsel.deb


• Debian libgtop-daemon_1.0.13-3.1_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daem on_1.0.13-3.1_powerpc.deb


• Debian libgtop-daemon_1.0.13-3.1_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daem on_1.0.13-3.1_s390.deb


• Debian libgtop-daemon_1.0.13-3.1_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0 .13-3.1_s390.deb


• Debian libgtop-dev_1.0.13-3.1_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_ 1.0.13-3.1_alpha.deb


• Debian libgtop-dev_1.0.13-3.1_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_ 1.0.13-3.1_arm.deb


• Debian libgtop-dev_1.0.13-3.1_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_ 1.0.13-3.1_hppa.deb


• Debian libgtop-dev_1.0.13-3.1_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_ 1.0.13-3.1_i386.deb


• Debian libgtop-dev_1.0.13-3.1_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_ 1.0.13-3.1_ia64.deb


• Debian libgtop-dev_1.0.13-3.1_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_ 1.0.13-3.1_m68k.deb


• Debian libgtop-dev_1.0.13-3.1_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_ 1.0.13-3.1_mips.deb


• Debian libgtop-dev_1.0.13-3.1_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_ 1.0.13-3.1_mipsel.deb


• Debian libgtop-dev_1.0.13-3.1_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_ 1.0.13-3.1_powerpc.deb


• Debian libgtop-dev_1.0.13-3.1_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_ 1.0.13-3.1_s390.deb


• Debian libgtop-dev_1.0.13-3.1_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_ 1.0.13-3.1_sparc.deb


• Debian libgtop1_1.0.13-3.1_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0 .13-3.1_alpha.deb


• Debian libgtop1_1.0.13-3.1_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0 .13-3.1_arm.deb


• Debian libgtop1_1.0.13-3.1_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0 .13-3.1_hppa.deb


• Debian libgtop1_1.0.13-3.1_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0 .13-3.1_i386.deb


• Debian libgtop1_1.0.13-3.1_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0 .13-3.1_ia64.deb


• Debian libgtop1_1.0.13-3.1_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0 .13-3.1_m68k.deb


• Debian libgtop1_1.0.13-3.1_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0 .13-3.1_mips.deb


• Debian libgtop1_1.0.13-3.1_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0 .13-3.1_mipsel.deb


• Debian libgtop1_1.0.13-3.1_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0 .13-3.1_powerpc.deb


• Debian libgtop1_1.0.13-3.1_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0 .13-3.1_s390.deb


• Debian libgtop1_1.0.13-3.1_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0 .13-3.1_sparc.deb

GNOME libgtop_daemon 1.0.6

• Conectiva 5.0 libgtop-1.0.13-U50_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/i386/libgtop-1.0.13-U50_2cl.i3 86.rpm


• Conectiva 5.0 libgtop-devel-1.0.13-U50_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/i386/libgtop-devel-1.0.13-U50_ 2cl.i386.rpm


• Conectiva 5.0 libgtop-devel-static-1.0.13-U50_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/i386/libgtop-devel-static-1.0. 13-U50_2cl.i386.rpm


• Conectiva 5.0 libgtop-examples-1.0.13-U50_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.0/i386/libgtop-examples-1.0.13-U 50_2cl.i386.rpm


• Conectiva ecommerce libgtop-1.0.13-U50_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/libgtop -1.0.13-U50_2cl.i386.rpm


• Conectiva ecommerce libgtop-devel-1.0.13-U50_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/libgtop -devel-1.0.13-U50_2cl.i386.rpm


• Conectiva ecommerce libgtop-devel-static-1.0.13-U50_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/libgtop -devel-static-1.0.13-U50_2cl.i386.rpm


• Conectiva ecommerce libgtop-examples-1.0.13-U50_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/libgtop -examples-1.0.13-U50_2cl.i386.rpm


• Conectiva graficas libgtop-1.0.13-U50_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/libgtop- 1.0.13-U50_2cl.i386.rpm


• Conectiva graficas libgtop-devel-1.0.13-U50_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/libgtop- devel-1.0.13-U50_2cl.i386.rpm


• Conectiva graficas libgtop-devel-static-1.0.13-U50_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/libgtop- devel-static-1.0.13-U50_2cl.i386.rpm


• Conectiva graficas libgtop-examples-1.0.13-U50_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/libgtop- examples-1.0.13-U50_2cl.i386.rpm

GNOME libgtop_daemon 1.0.7

• Conectiva 5.1 libgtop-1.0.13-U51_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/i386/libgtop-1.0.13-U51_2cl.i3 86.rpm


• Conectiva 5.1 libgtop-devel-1.0.13-U51_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/i386/libgtop-devel-1.0.13-U51_ 2cl.i386.rpm


• Conectiva 5.1 libgtop-devel-static-1.0.13-U51_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/i386/libgtop-devel-static-1.0. 13-U51_2cl.i386.rpm


• Conectiva 5.1 libgtop-examples-1.0.13-U51_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/5.1/i386/libgtop-examples-1.0.13-U 51_2cl.i386.rpm


• Mandrake 1.0.1 i586 libgtop-1.0.7-0.2mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake 1.0.1 i586 libgtop-devel-1.0.7-0.2mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake 7.1 i586 libgtop-1.0.7-0.2mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake 7.1 i586 libgtop-devel-1.0.7-0.2mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3

GNOME libgtop_daemon 1.0.9

• Conectiva 6.0 libgtop-1.0.13-U60_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libgtop-1.0.13-U60_2cl.i3 86.rpm


• Conectiva 6.0 libgtop-devel-1.0.13-U60_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libgtop-devel-1.0.13-U60_ 2cl.i386.rpm


• Conectiva 6.0 libgtop-devel-static-1.0.13-U60_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libgtop-devel-static-1.0. 13-U60_2cl.i386.rpm


• Conectiva 6.0 libgtop-examples-1.0.13-U60_2cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libgtop-examples-1.0.13-U 60_2cl.i386.rpm


• Mandrake 7.2 i586 libgtop-1.0.9-5.1mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3


• Mandrake 7.2 i586 libgtop-devel-1.0.9-5.1mdk.i586.rpm
  http://www.linux-mandrake.com/en/ftp.php3