92991 2005-05-17 15:22 0000 dev-lang/nasm: IEEE_PUTASCII Remote Buffer Overflow 2005-05-18 07:27:31 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Other RESOLVED FIXED https://bugzilla.redhat.com/beta/show_bug.cgi?id=152962 B2 [noglsa] formula7 P2 normal --- 1 formula7@gentoo.org security@gentoo.org mr_bones_@gentoo.org formula7@gentoo.org 2005-05-17 15:22:03 0000 I'm not sure if the 0.98.39 in portage is affected...http://securityfocus.com/bid/13506/info/ says that 0.98.38 and 0.98.35 are vulnerable but CAN-2005-1194 just says 0.98 ---------------------------------------------- NASM is prone to a remote buffer overflow vulnerability. This issue affects the 'ieee_putascii()' function. It is likely that an attacker exploits this issue by crafting a malicious source file to be assembled by the application. This file is sent to an affected user and if the user loads the file in NASM, the attack may result in arbitrary code execution. The attacker may then gain unauthorized access in the context of the user running NASM. formula7@gentoo.org 2005-05-17 15:36:12 0000 According to tigger^ 0.98.39 is vulnerable. (Anyway, I didn't see that it was released on January) mr_bones_@gentoo.org 2005-05-17 15:57:45 0000 Fixed. Security team can proceed. formula7@gentoo.org 2005-05-17 16:08:17 0000 Team members, please advise on this one formula7@gentoo.org 2005-05-18 05:42:45 0000 Here's from the original advisory (http://sourceforge.net/mailarchive/forum.php?thread_id=7175315&forum_id=4978) --- nasm-0.98.39/output/outieee.c.overfl 2005-01-15 23:16:08.000000000 +0100 +++ nasm-0.98.39/output/outieee.c 2005-04-01 12:55:17.231530832 +0200 @@ -1120,7 +1120,7 @@ static void ieee_putascii(char *format, va_list ap; va_start(ap, format); - vsprintf(buffer, format, ap); + vsnprintf(buffer, sizeof(buffer), format, ap); l = strlen(buffer); for (i = 0; i < l; i++) if ((buffer[i] & 0xff) > 31) formula7@gentoo.org 2005-05-18 05:47:53 0000 It's here in CVS: http://sourceforge.net/mailarchive/forum.php?thread_id=7218790&forum_id=9091 mr_bones_@gentoo.org 2005-05-18 07:16:05 0000 Why are we still talking about this? It's fixed in portage already. Security team, do your announce thing and let's move on. formula7@gentoo.org 2005-05-18 07:27:31 0000 Closing without GLSA, because it relies on a too dumb user to work.