lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 1 Sep 2008 16:43:57 +0100
From: Rob Holland <rob@...rt.org>
To: bugtraq@...urityfocus.com
Subject: [oCERT-2008-014] WordNet stack and heap overflows

2008/08/25 #2008-014 WordNet stack and heap overflows

Description:

The WordNet 3.0 Unix library and command-line interface suffer from a
number of stack overflows due to their handling of command line  
arguments,
environment variables and data read from user supplied dictionaries.

The oCERT team was contacted by Moritz Muehlenhoff from the Debian
project requesting an audit of the WordNet code base. These  
vulnerabilities
were the findings of the requested audit.

Stack overflows fed via the command line, environment variables or
WordNet library calls can result in arbitrary code execution.

Stack and heap overflows via modified WordNet dictionaries may allow  
arbitrary
code execution.

It should be noted that despite the ease with which arbitrary code can
be executed via these WordNet flaws, unless WordNet is being used by a  
daemon or web
service running as a user other than that of the attacker, this is  
unlikely to
result in privilege escalation or the ability to take any action not  
already
possible as the attacking user.

The following patch fixes the issues:
http://www.ocert.org/analysis/2008-014/wordnet.patch

Affected version:

WordNet = 3.0

Fixed version:

Princeton unfortunately lack the resources to produce a new release of  
this
code and will therefore not be releasing a new version as a result of  
this
audit.

Credit: Rob Holland, oCERT Team | Inverse Path Ltd

CVE: TBD

Timeline:

2008-06-02: audit requested
2008-06-25: first phase audit completed
2008-07-15: second phase audit completed
2008-07-19: report and patch sent upstream and to audit requester
2008-08-12: report and patch resent upstream due to lack of response
2008-08-13: upstream acknowledge issues
2008-09-01: advisory release

References:
http://www.ocert.org/analysis/2008-014/analysis.txt: oCERT  
vulnerability analysis report

Permalink:
http://www.ocert.org/advisories/ocert-2008-014.html

--
Rob Holland
rob@...rt.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ