Bug 92991 - dev-lang/nasm: IEEE_PUTASCII Remote Buffer Overflow
Summary: dev-lang/nasm: IEEE_PUTASCII Remote Buffer Overflow
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Other
Importance: High normal
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/beta/show...
Whiteboard: B2 [noglsa] formula7
Keywords:
Depends on:
Blocks:
 
Reported: 2005-05-17 15:22 UTC by Jean-François Brunette (RETIRED)
Modified: 2005-05-18 07:27 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Jean-François Brunette (RETIRED) gentoo-dev 2005-05-17 15:22:03 UTC
I'm not sure if the 0.98.39 in portage is affected... http://securityfocus.com/bid/13506/info/ says that 0.98.38 and 0.98.35 are vulnerable, but CAN-2005-1194 just says 0.98.


----------------------------------------------
NASM is prone to a remote buffer overflow vulnerability. This issue affects the 'ieee_putascii()' function.

It is likely that an attacker exploits this issue by crafting a malicious source file to be assembled by the application. This file is sent to an affected user and if the user loads the file in NASM, the attack may result in arbitrary code execution.

The attacker may then gain unauthorized access in the context of the user running NASM.
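A bounded variant of the helper the advisory names, written as an added example here and not NASM's own code: the function name `bounded_putascii`, the 64-byte scratch buffer and the refuse-on-truncation policy are assumptions. It shows the check a plain vsprintf-to-vsnprintf swap still leaves out: vsnprintf cuts overlong output silently, so the caller should inspect the returned length.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded replacement for a vsprintf-style output helper
 * (an added illustration, not code from NASM). Formats into a fixed-size
 * scratch buffer with vsnprintf, refuses to emit anything when the text
 * would not fit instead of passing on a silently truncated string, and
 * copies only printable bytes to `out`. Returns the number of bytes
 * written to `out`, or -1 when the formatted text was too long. */
static int bounded_putascii(char *out, size_t outsz, const char *format, ...)
{
    char buffer[64];   /* fixed-size scratch buffer, assumed size */
    va_list ap;
    int n;
    size_t i, l, kept = 0;

    va_start(ap, format);
    n = vsnprintf(buffer, sizeof(buffer), format, ap);
    va_end(ap);

    /* vsnprintf returns the length it would have produced; a value of
     * sizeof(buffer) or more means the output was cut short. Report that
     * rather than continuing with partial data. */
    if (n < 0 || (size_t)n >= sizeof(buffer))
        return -1;

    /* Keep printable bytes only, as the original loop does, and never
     * write past the caller's buffer. */
    l = strlen(buffer);
    for (i = 0; i < l && kept + 1 < outsz; i++)
        if ((buffer[i] & 0xff) > 31)
            out[kept++] = buffer[i];
    out[kept] = '\0';
    return (int)kept;
}
```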
Comment 1 Jean-François Brunette (RETIRED) gentoo-dev 2005-05-17 15:36:12 UTC
According to tigger^ 0.98.39 is vulnerable. (Anyway, I didn't see that it was
released in January.)
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2005-05-17 15:57:45 UTC
Fixed.  Security team can proceed.
Comment 3 Jean-François Brunette (RETIRED) gentoo-dev 2005-05-17 16:08:17 UTC
Team members, please advise on this one
Comment 4 Jean-François Brunette (RETIRED) gentoo-dev 2005-05-18 05:42:45 UTC
Here's from the original advisory
(http://sourceforge.net/mailarchive/forum.php?thread_id=7175315&forum_id=4978)

--- nasm-0.98.39/output/outieee.c.overfl 2005-01-15 23:16:08.000000000 +0100
 +++ nasm-0.98.39/output/outieee.c 2005-04-01 12:55:17.231530832 +0200
 @@ -1120,7 +1120,7 @@ static void ieee_putascii(char *format, 
      va_list ap;
  
      va_start(ap, format);
 -    vsprintf(buffer, format, ap);
 +    vsnprintf(buffer, sizeof(buffer), format, ap);
      l = strlen(buffer);
      for (i = 0; i < l; i++)
          if ((buffer[i] & 0xff) > 31)
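Review bot: the `sizeof(buffer)` bound on the `+` line is only a real bound if `buffer` is declared as a fixed-size array inside ieee_putascii; the hunk does not show the declaration, and on a `char *` the expression would yield the pointer size, so that should be confirmed when reviewing. vsnprintf also truncates silently: output longer than the buffer is cut and the following `strlen(buffer)` loop emits the partial string with no error, so checking the vsnprintf return value against `sizeof(buffer)` and reporting an error would make that failure visible. The visible context shows `va_start(ap, format)` but no `va_end(ap)`; worth confirming the full function calls it.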
Comment 5 Jean-François Brunette (RETIRED) gentoo-dev 2005-05-18 05:47:53 UTC
It's here in CVS:
http://sourceforge.net/mailarchive/forum.php?thread_id=7218790&forum_id=9091
Comment 6 Mr. Bones. (RETIRED) gentoo-dev 2005-05-18 07:16:05 UTC
Why are we still talking about this?  It's fixed in portage already.  Security
team, do your announce thing and let's move on.
Comment 7 Jean-François Brunette (RETIRED) gentoo-dev 2005-05-18 07:27:31 UTC
Closing without GLSA, because it relies on a too dumb user to work.