Input validation error in dtach - CVE-2012-3368

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.

How to mitigate CVE-2012-3368

Sources

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302
• http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
• http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
• https://bugzilla.redhat.com/show_bug.cgi?id=812551
• https://bugzilla.redhat.com/show_bug.cgi?id=835849