jheretic
commented
10 years ago This issue is no longer relevant, as this part of the daemon has been completely rewritten.
Closed areynold closed 10 years ago
jheretic
commented
10 years ago This issue is no longer relevant, as this part of the daemon has been completely rewritten.
encountered null pointer dereference in commotion command line client triggered by passing command names larger than 32 bytes (MSG_TARGET_SIZE defined in msg.h).
This vulnerability has limited impact as only client program crashes and commotiond server stays intact, ready to serve future clients.
Originally reported as WRT-01-009