121009 – python: stack smashing attack

Bug 121009 - python: stack smashing attack

Summary: python: stack smashing attack

Status:	RESOLVED DUPLICATE of bug 120846

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Linux bug wranglers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-01-30 22:14 UTC by Barbu Eros Iulian
Modified:	2006-01-30 23:46 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Barbu Eros Iulian 2006-01-30 22:14:43 UTC

emerge pycrypto
Calculating dependencies  ...done!
>>> emerge (1 of 1) dev-python/pycrypto-2.0.1-r1 to /
python: stack smashing attack in function sha_done()
Aborted
--------------------
emerge portage
Calculating dependencies  ...done!
>>> emerge (1 of 1) sys-apps/portage-2.1_pre4-r1 to /
>>> Downloading ftp://ftp.roedu.net/pub/mirrors/gentoo.org/distfiles/portage-2.1_pre4.tar.bz2
--08:13:09--  ftp://ftp.roedu.net/pub/mirrors/gentoo.org/distfiles/portage-2.1_pre4.tar.bz2
           => `/usr/portage/distfiles/portage-2.1_pre4.tar.bz2'
Resolving ftp.roedu.net... 141.85.128.58
Connecting to ftp.roedu.net|141.85.128.58|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD /pub/mirrors/gentoo.org/distfiles ... done.
==> PASV ... done.    ==> RETR portage-2.1_pre4.tar.bz2 ... done.
Length: 249,753 (244K) (unauthoritative)

100%[====================================>] 249,753     1006.46K/s

08:13:10 (1003.79 KB/s) - `/usr/portage/distfiles/portage-2.1_pre4.tar.bz2' saved [249753]

>>> checksums files   ;-) portage-2.1_pre4-r1.ebuild
>>> checksums files   ;-) portage-2.0.53.ebuild
>>> checksums files   ;-) portage-2.1_pre3-r1.ebuild
>>> checksums files   ;-) portage-2.0.54.ebuild
>>> checksums files   ;-) portage-2.0.51.22-r3.ebuild
>>> checksums files   ;-) files/05portage.envd
>>> checksums files   ;-) files/2.0.51.22-fixes.patch
>>> checksums files   ;-) files/xterm-titles.patch
>>> checksums files   ;-) files/digest-portage-2.0.53
>>> checksums files   ;-) files/digest-portage-2.0.54
python: stack smashing attack in function sha_done()
Aborted

Comment 1 Barbu Eros Iulian 2006-01-30 22:15:22 UTC

Portage 2.1_pre3-r1 (default-linux/x86/2005.0, gcc-3.4.5, glibc-2.3.6-r2, 2.6.15-gentoo-r1 i686)
=================================================================
System uname: 2.6.15-gentoo-r1 i686 Intel(R) Pentium(R) 4 CPU 1.50GHz
Gentoo Base System version 1.12.0_pre15
ccache version 2.4 [enabled]
dev-lang/python:     2.4.2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r3
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O3 -march=pentium4 -mtune=pentium4 -pipe -ftracer -fforce-addr -falign-functions=32 -mfpmath=sse -fprefetch-loop-arrays -momit-leaf-frame-pointer -fomit-frame-pointer -ffast-math -fexpensive-optimizations"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=pentium4 -mtune=pentium4 -pipe -ftracer -fforce-addr -falign-functions=32 -mfpmath=sse -fprefetch-loop-arrays -momit-leaf-frame-pointer -fomit-frame-pointer -ffast-math -fexpensive-optimizations -fvisibility-inlines-hidden -fvisibility=hidden"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig buildpkg candy ccache distlocks moo prelink sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="ftp://ftp.roedu.net/pub/mirrors/gentoo.org/"
LDFLAGS="-Wl,-O1 -Wl,--enable-new-dtags -Wl,--sort-common -s"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://gentoo.umfiasi.ro/gentoo-portage/"
USE="x86 3dnow 3dnowext X aalib acl alsa apm arts audiofile avi berkdb bitmap-fonts bzip2 cdb cdr chm cpudetection crypt cups curl dba eds emboss encode esd exif expat fam ffmpeg flac foomaticdb fortran gd gdbm gif gimp gimpprint glut gmp gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml hal howl idn imagemagick imlib java jpeg junit lcms libbeagle libcaca libg++ libwww mad matroska mhash mikmod mmx mmxext mng mono motif mozilla mp3 mpeg mysql ncurses nls nvidia ogg oggvorbis opengl oss pam pcre pdf pdflib perl png python qt quicktime readline real recode samba scanner sdl skey slang sms snmp speex spell sqlite sse sse2 ssl svg svga tcltk tcpd tiff truetype truetype-fonts type1-fonts udev usb vorbis webservices win32codecs wmf wxgtk1 xine xml2 xmms xv xvid yahoo zlib elibc_glibc kernel_linux userland_GNU"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LINGUAS

Comment 2 Jakub Moc (RETIRED) gentoo-dev

2006-01-30 23:46:39 UTC


*** This bug has been marked as a duplicate of 120846 ***