VULHUB ™

A vulnerability has been discovered in Portmon version 1.8 and earlier. The problem occurs due to insufficient bounds checking performed before copying the USER environment variable into an internal memory buffer. This could allow a malicious local user to potentially corrupt Portmon memory, ultimately allowing for the execution of arbitrary code. It should be noted that Portmon may not be installed setuid root by default, however a configuration option exists which allows an administrator to specify that the utility should in fact be installed setuid.

A vulnerability has been discovered in Portmon version 1.8 and earlier. The problem occurs due to insufficient bounds checking performed before copying the USER environment variable into an internal memory buffer. This could allow a malicious local user to potentially corrupt Portmon memory, ultimately allowing for the execution of arbitrary code. It should be noted that Portmon may not be installed setuid root by default, however a configuration option exists which allows an administrator to specify that the utility should in fact be installed setuid.