Bug#: 106896
Status: RESOLVED
Resolution: DUPLICATE of bug 107351
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>


Description:   Opened: 2005-09-22 09:24 0000
CESA-2005-004 - rev 1 
 
Abiword RTF import stack-based buffer overflow 
============================================== 
 
Programs affected: Abiword, possibly unpatched MacOSX, others? 
Severity: Arbitrary code execution. 
Discovered date: Forgotten 
Vendor notified date: Sep 22nd 2005 
 
Demo RTF: http://scary.beasts.org/misc/out153.rtf 
(Simple RTF fuzz test suite at http://scary.beasts.org/misc/badrtfs.tar.bz2) 
 
rpm -q abiword 
abiword-2.2.9-2.fc4 
 
Resultant stack trace includes 0x41414141 (AAAA) on the stack: 
 
(gdb) bt 
#0  0x00fea976 in fread () from /lib/libc.so.6 
#1  0x081d1d3d in IE_Imp_RTF::ReadCharFromFileWithCRLF () 
#2  0x081d1da4 in IE_Imp_RTF::ReadCharFromFile () 
#3  0x081dd106 in IE_Imp_RTF::ReadOneFontFromTable () 
#4  0x41414141 in ?? () 
 
CESA-2005-004 - rev 1 
Chris Evans 
scarybeasts@gmail.com

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-09-27 00:13:55 0000 -------
Now public on bug #107351 

*** This bug has been marked as a duplicate of 107351 ***
