Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!

Full Text Bug Listing

I'm not sure if the 0.98.39 in portage is
affected...http://securityfocus.com/bid/13506/info/ says that 0.98.38 and
0.98.35 are vulnerable but CAN-2005-1194 just says 0.98


----------------------------------------------
NASM is prone to a remote buffer overflow vulnerability. This issue affects the
'ieee_putascii()' function.

It is likely that an attacker exploits this issue by crafting a malicious
source file to be assembled by the application. This file is sent to an
affected user and if the user loads the file in NASM, the attack may result in
arbitrary code execution.

The attacker may then gain unauthorized access in the context of the user
running NASM.

According to tigger^ 0.98.39 is vulnerable. (Anyway, I didn't see that it was
released on January)

Fixed.  Security team can proceed.

Team members, please advise on this one

Here's from the original advisory
(http://sourceforge.net/mailarchive/forum.php?thread_id=7175315&forum_id=4978)

--- nasm-0.98.39/output/outieee.c.overfl 2005-01-15 23:16:08.000000000 +0100
 +++ nasm-0.98.39/output/outieee.c 2005-04-01 12:55:17.231530832 +0200
 @@ -1120,7 +1120,7 @@ static void ieee_putascii(char *format, 
      va_list ap;
  
      va_start(ap, format);
 -    vsprintf(buffer, format, ap);
 +    vsnprintf(buffer, sizeof(buffer), format, ap);
      l = strlen(buffer);
      for (i = 0; i < l; i++)
          if ((buffer[i] & 0xff) > 31)

It's here in CVS:
http://sourceforge.net/mailarchive/forum.php?thread_id=7218790&forum_id=9091

Why are we still talking about this?  It's fixed in portage already.  Security
team, do your announce thing and let's move on.

Closing without GLSA, because it relies on a too dumb user to work.