Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 72371
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: JG <jg@cms.ac>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
0.7.14-overflow.patch 0.7.14-overflow.patch patch Luke Macken (RETIRED) 2004-11-24 10:47 0000 405 bytes Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 72371 depends on: Show dependency tree
Bug 72371 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-11-24 10:35 0000 
http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1115.html

quote:
------------
2. The bug:
------------

The program doesn't correctly manage the $RedirectAll command.
In fact it will have a buffer overflow, letting an attacker to execute
arbitrary code on the victim system.

NOTE: To exploit the bug the attacker needs to have admin privilege on
the victim hub."

test poc:
http://www.autistici.org/fdonato/poc/OpenDcHub[0714]BOF-poc.zip
(kills the opendchub process)

there's no vendor fix yet, but a patch on the fd-list.

JG


Reproducible: Always
Steps to Reproduce:

------- Comment #1 From Luke Macken (RETIRED) 2004-11-24 10:47:42 0000 ------- 
Created an attachment (id=44651) [details]
0.7.14-overflow.patch

Patch by Donato Ferrante from Full-Disclosure.

------- Comment #2 From Luke Macken (RETIRED) 2004-11-24 10:48:58 0000 ------- 
net-p2p,

please verify/apply patch.

------- Comment #3 From Matthias Geerdsen 2004-11-26 02:56:40 0000 ------- 
Well this should probably be a C2, cause it would allow a remote user to
execute arbitrary code. Admin privileges shouldn't usually be given to really
untrusted users though, since that allows configuring/stopping/... the hub,
nevertheless admin privileges can be given to users without shell access of
course.
There does not seem to be a default user for running opendchubs on gentoo btw.

see also <http://securitytracker.com/alerts/2004/Nov/1012323.html>

------- Comment #4 From Jon Hood (RETIRED) 2004-11-27 08:00:14 0000 ------- 
bug confirmed/patched/committed/stable in portage

------- Comment #5 From Luke Macken (RETIRED) 2004-11-27 19:52:27 0000 ------- 
GLSA drafted; security, please review.

------- Comment #6 From Luke Macken (RETIRED) 2004-11-28 12:12:48 0000 ------- 
GLSA 200411-37
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug