First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 229157
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
core_net.c.patch tmsnc-UBX-buffer-overflow-CVE-2008-2828 patch Pierre-Yves Rofes 2008-07-06 21:25 0000 600 bytes Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 229157 depends on: 240045 Show dependency tree
Bug 229157 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-06-24 01:49 0000 
CVE-2008-2828 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2828):
  Stack-based buffer overflow in tmsnc allows remote attackers to cause a
  denial of service (crash) and possibly execute arbitrary code via an MSN
  packet with a UBX commands containing a large UBX payload length field.

------- Comment #1 From Pierre-Yves Rofes 2008-07-06 21:25:22 0000 ------- 
Created an attachment (id=159737) [details]
tmsnc-UBX-buffer-overflow-CVE-2008-2828

here's the patch from Nico Golde. net-im, please bump as necessary.

------- Comment #2 From Pierre-Yves Rofes 2008-07-21 20:25:01 0000 ------- 
(In reply to comment #1)
> Created an attachment (id=159737) [edit] [details]
> tmsnc-UBX-buffer-overflow-CVE-2008-2828
> 
> here's the patch from Nico Golde. net-im, please bump as necessary.
> 

*ping*

------- Comment #3 From Robert Buchholz 2008-10-04 19:05:58 0000 ------- 
+*tmsnc-0.3.2-r1 (04 Oct 2008)
+
+  04 Oct 2008; Robert Buchholz <rbu@gentoo.org>
+  +files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch,
+  +tmsnc-0.3.2-r1.ebuild:
+  Fix stack based buffer overflow (security bug #229157)
+

------- Comment #4 From Robert Buchholz 2008-10-04 19:10:27 0000 ------- 
Arches, please test and mark stable:
=net-im/tmsnc-0.3.2-r1
Target keywords : "amd64 hppa ppc x86"

------- Comment #5 From Jeroen Roovers 2008-10-05 17:31:28 0000 ------- 
Hmm, I get "The protocols doesn't match"[sic] during login. Any ideas?

------- Comment #6 From Stefan Behte 2008-10-05 18:09:54 0000 ------- 
In June/July there has been a protocol change in ICQ, all ICQ clients were
affected.
tmsnc is discontinued, their SVN tree
(http://tmsnc.svn.sourceforge.net/viewvc/tmsnc/so) is 2 years old.
If 0.3.2 does not work anymore, it's very likely we won't get a fix.

Proposed solutions:
a) we fix it 
b) remove it from the tree

Also see:
http://forums.gentoo.org/viewtopic-t-698545-highlight-licq.html

------- Comment #7 From Robert Buchholz 2008-10-05 18:22:47 0000 ------- 
I guess I should have tried more than a program startup.

I'm removing arches, let's remove this.

------- Comment #8 From Olivier Crete 2009-03-01 21:04:18 0000 ------- 
gone from the tree

------- Comment #9 From Robert Buchholz 2009-03-02 16:11:28 0000 ------- 
glsa still to be sent

------- Comment #10 From Robert Buchholz 2009-03-12 14:03:17 0000 ------- 
GLSA 200903-26
First Last Prev Next    No search results available      Search page      Enter new bug