Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 92991

Summary: dev-lang/nasm: IEEE_PUTASCII Remote Buffer Overflow
Product: Gentoo Security Reporter: Jean-François Brunette (RETIRED) <formula7>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: mr_bones_
Priority: High    
Version: unspecified   
Hardware: All   
OS: Other   
URL: https://bugzilla.redhat.com/beta/show_bug.cgi?id=152962
Whiteboard: B2 [noglsa] formula7
Package list:
Runtime testing required: ---

Description Jean-François Brunette (RETIRED) gentoo-dev 2005-05-17 15:22:03 UTC 
I'm not sure if the 0.98.39 in portage is affected...http://securityfocus.com/bid/13506/info/ says that 0.98.38 and 0.98.35 are vulnerable but CAN-2005-1194 just says 0.98


----------------------------------------------
NASM is prone to a remote buffer overflow vulnerability. This issue affects the 'ieee_putascii()' function.

It is likely that an attacker exploits this issue by crafting a malicious source file to be assembled by the application. This file is sent to an affected user and if the user loads the file in NASM, the attack may result in arbitrary code execution.

The attacker may then gain unauthorized access in the context of the user running NASM.
Comment 1 Jean-François Brunette (RETIRED) gentoo-dev 2005-05-17 15:36:12 UTC 
According to tigger^ 0.98.39 is vulnerable. (Anyway, I didn't see that it was
released on January)
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2005-05-17 15:57:45 UTC 
Fixed.  Security team can proceed.
Comment 3 Jean-François Brunette (RETIRED) gentoo-dev 2005-05-17 16:08:17 UTC 
Team members, please advise on this one
Comment 4 Jean-François Brunette (RETIRED) gentoo-dev 2005-05-18 05:42:45 UTC 
Here's from the original advisory
(http://sourceforge.net/mailarchive/forum.php?thread_id=7175315&forum_id=4978)

--- nasm-0.98.39/output/outieee.c.overfl 2005-01-15 23:16:08.000000000 +0100
 +++ nasm-0.98.39/output/outieee.c 2005-04-01 12:55:17.231530832 +0200
 @@ -1120,7 +1120,7 @@ static void ieee_putascii(char *format, 
      va_list ap;
  
      va_start(ap, format);
 -    vsprintf(buffer, format, ap);
 +    vsnprintf(buffer, sizeof(buffer), format, ap);
      l = strlen(buffer);
      for (i = 0; i < l; i++)
          if ((buffer[i] & 0xff) > 31)
Comment 5 Jean-François Brunette (RETIRED) gentoo-dev 2005-05-18 05:47:53 UTC 
It's here in CVS:
http://sourceforge.net/mailarchive/forum.php?thread_id=7218790&forum_id=9091
Comment 6 Mr. Bones. (RETIRED) gentoo-dev 2005-05-18 07:16:05 UTC 
Why are we still talking about this?  It's fixed in portage already.  Security
team, do your announce thing and let's move on.
Comment 7 Jean-François Brunette (RETIRED) gentoo-dev 2005-05-18 07:27:31 UTC 
Closing without GLSA, because it relies on a too dumb user to work.