Pi3Ki31Ny

Name of the Vulnerable Software and Affected Versions: GNATS versions 4.0 through 4.1.0 GNATS versions prior to 4.0 Description: The issue arises from improper file checking in the gen-index component when installed setuid, allowing local users to overwrite arbitrary files by exploiting the -o argument. This enables write access to files that should be restricted. Recommendations: For GNATS versions 4.0 through 4.1.0, consider restricting the use of the gen-index component when installed setuid to minimize the risk of exploitation. For GNATS versions prior to 4.0, restrict the use of the gen-index component when installed setuid to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 0verkill version 0.15pre3 **Description** The issue is related to multiple buffer overflows that could allow local users to execute arbitrary code in the client via a long HOME environment variable in the load cfg and save cfg functions. Additionally, it might allow remote attackers to execute arbitrary code via long strings to the send message function, and in the server, via the parse command line function. **Recommendations** For 0verkill version 0.15pre3, as a temporary workaround, consider restricting the length of the HOME environment variable and input strings to the send message and parse command line functions until a patch is available. Avoid using long strings in these functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.