{"vuid":"VU#705771","idnumber":"705771","name":"gtop daemon contains buffer overflow","keywords":["libgtop_daemon","buffer overflow"],"overview":"A buffer overflow exists in the gtop daemon.","clean_desc":"A buffer overflow in gtopd, specifically permitted(), may allow a remote attacker to execute arbitrary code. For more detailed information, please see Flavio Veloso's analysis. gtop background information Many Unix systems allow only privileged processes to access information about other running processes. For example, an unprivileged process will typically not have the ability to acquire details regarding the memory or CPU usage of another process. As a result of these limitations, system utilities like uptime or top are frequently setuid root or setgid kmem. This makes it difficult to write a graphical system utility like cpumemusage or gtop because making a GTK+ program setgid or setuid would introduce additional security risks. The gtop daemon was designed to access this type of privileged information and disseminate it to the unprivileged applications requesting privileged data such as memory and CPU usage. Therefore, gtop is a setgid/setuid server designed to run on a host and gather privileged information and pass it to GUI clients.","impact":"A remote attacker may be able to execute arbitrary code with elevated privileges. Depending on the particular way gtop is built and implemented, it may also be possible for an attacker to read kernel memory. The ability to read kernel data is particularly dangerous because there is often sensitive data such as terminal activity, network traffic, and other types of privileged information residing in kernel memory space. Because of this, it may be possible for an attacker to leverage this vulnerability to gain root access to the local system, and possibly other systems interacting with the host running the gtop daemon.","resolution":"Apply a patch from your vendor.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by Flavio Veloso.","author":"This document was written by Ian A. Finlay.","public":["http://www.securityfocus.com/archive/1/242922","http://www.securityfocus.com/bid/3594"],"cveids":["CVE-2001-0928"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-12-03T17:58:04Z","publicdate":"2001-11-28T00:00:00Z","datefirstpublished":"2003-08-19T19:51:42Z","dateupdated":"2003-08-19T19:55:44Z","revision":49,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"5","cam_impact":"19","cam_easeofexploitation":"18","cam_attackeraccessrequired":"15","cam_scorecurrent":"9.61875","cam_scorecurrentwidelyknown":"12.0234375","cam_scorecurrentwidelyknownexploited":"21.6421875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":9.61875,"vulnote":null}