Bug#: 64947
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matthias Geerdsen <vorlon@gentoo.org>
Attachment:
  Filename: latex2rtf.patch
  Description: extracted Debian patch
  Type: patch
  Creator: Matthias Geerdsen
  Created: 2004-09-22 03:37 0000
  Size: 1.32 KB
Description:   Opened: 2004-09-22 03:35 0000
from SecurityTracker Alert ID: 1011367

Date:  Sep 21 2004
Impact:  Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 1.9.15
Description:
A vulnerability was reported in LaTeX2rtf. A remote user can create a specially crafted file that, when processed by LaTeX2rtf, will cause arbitrary code to be executed on the target system.

D. J. Bernstein reported that there is a buffer overflow in expandmacro() when copying user-supplied data. The overflow can be triggered to execute arbitrary code.

It is reported that there are buffer overflows in other parts of the code, including Environments and the TranslateCommand.
Impact:  A remote user can create a document that, when processed by the target user, will execute arbitrary code on the target user's system with the privileges of the target user.

Solution:
No solution was available at the time of this entry.
______________________________

Mail from DJB including an exploit can be found at http://securesoftware.list.cr.yp.to/archive/0/09

Debian Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=272612
The full Debian patchset can be found at http://http.us.debian.org/debian/pool/main/l/latex2rtf/latex2rtf_1.9.15-2.diff.gz

latex2rdf is currently ~arch masked

------- Comment #1 From Matthias Geerdsen 2004-09-22 03:37:26 0000 -------
Created an attachment (id=40153)
extracted Debian patch

This patch was extracted from the Debian patch set, it should be the relevant
one... please double check.

DJB noted btw, that there are more buffer overflows in latex2rdf.

------- Comment #2 From Matthias Geerdsen 2004-09-22 03:42:04 0000 -------
s/latex2rdf/latex2rtf/ in comments ;-)


------- Comment #3 From Matthias Geerdsen 2004-09-23 04:56:42 0000 -------
text-markup, can you look into this and apply the patch if appropriate

------- Comment #4 From Matthias Geerdsen 2004-09-27 09:37:31 0000 -------
text-markup herd, could you please create a new ebuild to fix this
vulnerability

this bug is now about 5 days old

------- Comment #5 From Mamoru KOMACHI (RETIRED) 2004-09-27 19:52:37 0000 -------
Sorry for the delay (I was not reading emails this weekend). I'll look into
this one.

------- Comment #6 From Mamoru KOMACHI (RETIRED) 2004-09-27 22:40:24 0000 -------
I've verified and committed latex2rtf-1.9.15-r2.ebuild (and p.masked
1.9.15-r1).

------- Comment #7 From Matthias Geerdsen 2004-09-28 04:38:13 0000 -------
Thanks usata :)

Closing, since keywords appear to be right already and no GLSA is needed (~arch packet).

