lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 16 Jan 2008 02:19:02 +0300
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [FDSA] Multiple Vulnerabilities in Your
	Computer (all versions)




Well, I cant' say it's all fake... It's all junk.

FD> OpenSSL 0.9.7j
FD>   openssl-0.9.7j/fips-1.0/aes/fips_aesavs.c 973: User supplied data
FD> copied into fixed length buffer on the stack with no length
FD> verification.

Buffer  overflow in non-suid test application (not compiled by default).
Not security.

FD> SSH 3.2.9.1
FD>   ssh-3.2.9.1/lib/zlib/contrib/minizip/minizip.c 187: User supplied
FD> data copied into fixed length buffer on the stack with no length
FD> verification.

Identical to CVE-2007-1657 and is probably fixed in the same time. Local
overflow in non-suid application (minizip). Do not affect SSH. Only this
one can be considered as low risk vulnerability.

FD> Apache 1.3.37
FD>   src/regex/split.c 164: User supplied data copied into fixed length
FD> buffer on the stack with no length verification.

Local  buffer  overflow  in  non-suid  test  application,  which  is not
compiled by default. Not security.

FD> Samba 3.0.25b
FD>   samba-3.0.25b/source/popt/poptparse.c 27: Integer overflow in size_t
FD> which is later used in heap allocation. Buffer then copied into this
FD> memory resulting in heap overflow.

This one is fake.

    size_t nb = (argc + 1) * sizeof(*argv);

    ...
    
        nb += strlen(argv[i]) + 1;

    ...
        
    dst = malloc(nb);
        
Mathematical  provement:

nb <= memory already allocated for argc and argv < size of address space
nb < size of address space
QED


-- 
~/ZARAZA http://securityvulns.com/
Всегда будем рады послушать ваше чириканье (Твен)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ