91303 2005-05-03 06:35 0000 net-proxy/oops: auth() Format String Flaw 2005-05-05 15:36:16 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All All RESOLVED FIXED http://securitytracker.com/alerts/2005/May/1013864.html B1? [glsa] jaervosz P2 normal --- 1 formula7@gentoo.org security@gentoo.org net-proxy@gentoo.org formula7@gentoo.org 2005-05-03 06:35:51 0000 CVE Reference: CAN-2005-1121 (Links to External Site) Version(s): 1.5.23 and prior versions Description: A format string vulnerability was reported in Oops! A remote user may be able to execute arbitrary code. The passwd_mysql/passwd_pgsql module auth() function contains a call to the my_xlog() function that does not include a format string specifier. A remote user can supply a specially crafted HTTP request to trigger the vulnerability and cause the service to crash or execute arbitrary code. A demonstration exploit request is provided: GET http://%s%s%s%s%s%s%s%s/ HTTP/1.0 Host: ghc.ru Proxy-Authorization: Basic Z2hjOnJzdA== The flaw resides in 'passwd_sql.c'. Edisan from RST/GHC reported this vulnerability. Impact: A remote user can cause the service to crash or execute arbitrary code. Solution: A patch is available at: http://zipper.paco.net/~igor/oops/diff_from_1.5.23.patch.gz jaervosz@gentoo.org 2005-05-03 13:26:25 0000 net-proxy please advise. mrness@gentoo.org 2005-05-03 15:36:10 0000 bug confirmed. I've bumped version to the current 1.5.24 pre-release and marked as stable on x86. gustavoz@gentoo.org 2005-05-04 06:36:52 0000 sparc done. lewk@gentoo.org 2005-05-05 15:36:16 0000 GLSA 200505-02, thanks everyone!