Multiple Vendor dip Buffer Overflow Vulnerability

Multiple Vendor dip Buffer Overflow Vulnerability

A buffer overflow resides in 'dip-3.3.7o' and derived programs. This is a problem only on systems where 'dip' is installed setuid. The culpable code is an 'sprintf()' in line 192 in 'main.c':

sprintf(buf, "%s/LCK..%s", _PATH_LOCKD, nam);