Bug#: 93351
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Jean-François Brunette (RETIRED) <formula7@gentoo.org>
Description:   Opened: 2005-05-20 11:09 0000
Picasm is affected by a remote buffer overflow vulnerability.

An attacker can exploit this issue by supplying an excessive 'error' directive.

If successfully exploited, this issue can allow a remote attacker to gain access to the affected computer in the context of the user running the application.

Picasm 1.12b and prior versions are vulnerable to this issue.

------- Comment #1 From Jean-François Brunette (RETIRED) 2005-05-20 11:54:17 0000 -------
dragonheart, please bump to 1.12c

http://www.co.jyu.fi/~trossi/pic/





------- Comment #2 From Daniel Black 2005-05-20 16:49:11 0000 -------
added and stable. 

------- Comment #3 From Jean-François Brunette (RETIRED) 2005-05-20 17:44:09 0000 -------
Thanks dragonheart.

Security members, time to vote if we should issue a GLSA
(because this vulnerability is similar to the nasm one)

------- Comment #4 From Thierry Carrez (RETIRED) 2005-05-21 02:11:14 0000 -------
I would class it in the same vein as NASM: the exploit profile looks a little
too unlikely to me, and exploit is in a readable source file. So I tend to vote
NO the same.

The only thing bothering me is that every other distribution issued advisories
on NASM and we'll probably have to deal with questions about it soon.

------- Comment #5 From Sune Kloppenborg Jeppesen 2005-05-30 08:14:03 0000 -------
Voting a full NO, this seems tricky to exploit. 

------- Comment #6 From Thierry Carrez (RETIRED) 2005-05-30 08:16:56 0000 -------
Then we are done.
