| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: phantasmal at hush.ai (Phantasmal Phantasmagoria) Subject: [SECURITY] [DSA 590-1] New gnats packages fix arbitrary code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 09 Nov 2004 09:57:27 -0600 Martin Schulze wrote: >Package : gnats >Vulnerability : format string vulnerability >Problem-Type : remote >Debian-specific: no >CVE ID : CAN-2004-0623 >BugTraq ID : 10609 >Debian Bug : 278577 > >Khan Shirani discovered a format string vulnerability in gnats, >the >GNU problem report management system. This problem may be >exploited >to execute arbitrary code. > >For the stable distribution (woody) this problem has been fixed in >version 3.999.beta1+cvs20020303-2. > >For the unstable distribution (sid) this problem has been fixed in >version 4.0-7. > >We recommend that you upgrade your gnats package. > There are exactly zero ways of exploiting this "moderately critical" [1] vulnerability. In fact, it's not a vulnerability at all. If Shirani had done a two minute check of the relevant log_msg() calls (i.e. those with a severity of LOG_ERR as opposed to LOG_INFO) he would of found zero instances of user supplied data being used as an argument. Before someone embarrasses themselves please take note that the LOG_ INFO severity log_msg() calls do not get passed to syslog(), as debug_level can only be set to LOG_INFO by a call to enable_debugging(), of which there are none. [1] http://secunia.com/advisories/11069/ Yours pedantically, Phantasmal Phantasmagoria -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkGUQlwACgkQImcz/hfgxg1+mwCdFH7rMkN3gDZ05JbX7HyslOG+S7QA nj9OpMofUOIqMDGvHYKJ7vDWtFos =ukH9 -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427
Powered by blists - more mailing lists