First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 80267
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Luke Macken (RETIRED) <lewk@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 80267 depends on: Show dependency tree
Show dependency graph
Bug 80267 blocks:

Additional Comments: (this is where you put emerge --info)







View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-01-31 16:12 0000 
TITLE:
Dante FD_SET Overflow Vulnerability

SECUNIA ADVISORY ID:
SA14071

VERIFY ADVISORY:
http://secunia.com/advisories/14071/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
>From local network

SOFTWARE:
Dante 1.x
http://secunia.com/product/4583/

DESCRIPTION:
3APA3A has reported a vulnerability in Dante, which can be exploited
by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a missing boundary check when
doing "FD_SET()" operations. This can be exploited to cause a buffer
overflow in certain configurations by establishing multiple
concurrent connections.

The vulnerability has been reported in version 1.1. Other versions
may also be affected.

SOLUTION:
Update to version 1.1.15.
http://www.inet.no/dante/

PROVIDED AND/OR DISCOVERED BY:
3APA3A

ORIGINAL ADVISORY:
Inferno Nettverk:
http://www.inet.no/dante/advisory-2005-01-28

3APA3A:
http://www.security.nnov.ru/advisories/sockets.asp

------- Comment #1 From Luke Macken (RETIRED) 2005-01-31 16:14:44 0000 ------- 
agriffis, there is no metadata for this package, and you were the last one to
bump it, so please update bump to 1.1.15

------- Comment #2 From petre rodan (RETIRED) 2005-02-02 23:39:40 0000 ------- 
version bumped. please test and mark stable for your arch

------- Comment #3 From Markus Rothe 2005-02-03 04:09:19 0000 ------- 
just works. stable on ppc64

------- Comment #4 From Gustavo Zacarias (RETIRED) 2005-02-03 05:53:58 0000 ------- 
sparc good.

------- Comment #5 From Olivier Crete 2005-02-03 09:18:40 0000 ------- 
x86 stable

------- Comment #6 From Bryan Østergaard (RETIRED) 2005-02-04 13:03:57 0000 ------- 
Stable on alpha.

------- Comment #7 From Michael Hanselmann (hansmi) (RETIRED) 2005-02-04 14:05:10 0000 ------- 
Sorry for the delay. Stable on ppc.

------- Comment #8 From Jan Brinkmann (RETIRED) 2005-02-04 15:22:05 0000 ------- 
stable on amd64

------- Comment #9 From SpanKY 2005-02-06 02:43:35 0000 ------- 
arm/hppa/ia64/s390 stable

------- Comment #10 From Thierry Carrez (RETIRED) 2005-02-06 09:21:30 0000 ------- 
Please vote: only very specific conf affected -> NO ?

------- Comment #11 From Sune Kloppenborg Jeppesen 2005-02-06 11:16:02 0000 ------- 
I vote for no GLSA here as well. Lewk?

------- Comment #12 From Luke Macken (RETIRED) 2005-02-07 05:29:24 0000 ------- 
Closing without GLSA.

------- Comment #13 From Hardave Riar (RETIRED) 2005-02-17 23:40:40 0000 ------- 
Stable on mips.
First Last Prev Next    No search results available      Search page      Enter new bug