Gentoo Bug 90851 - www-servers/pound: "add_port()" Function Buffer Overflow Vulnerability

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	90851
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Jean-François Brunette (RETIRED) <formula7@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 90851 depends on:			Show dependency tree
Bug 90851 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2005-04-29 06:23 0000

Description:
Steven Van Acker has reported a vulnerability in Pound, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the "add_port()" function and can be exploited to cause a buffer overflow by supplying an overly long hostname.

Successful exploitation may allow execution of arbitrary code.

The vulnerability has been reported in version 1.8.2. Prior versions may also be affected.

Solution:
Update to version 1.8.3.
http://www.apsis.ch/pound/

Provided and/or discovered by:
Steven Van Acker

Original Advisory:
http://www.apsis.ch/pound/pound_...chive/2005/2005-04/1114516112000

------- Comment #1 From solar 2005-04-29 06:27:57 0000 -------

Existing Keywords: pound-1.7:  ppc ~hppa x86 ~mips ~sparc alpha

------- Comment #2 From Thierry Carrez (RETIRED) 2005-04-29 06:33:34 0000 -------

web-apps herd, please bump to 0.8.3

------- Comment #3 From Aaron Walker (RETIRED) 2005-04-29 07:50:40 0000 -------

In cvs, x86 stable.  CC'd archs please mark stable.

------- Comment #4 From Michael Hanselmann (hansmi) (RETIRED) 2005-04-29 10:24:03 0000 -------

Stable on ppc.

------- Comment #5 From Bryan Østergaard (RETIRED) 2005-04-30 01:03:26 0000 -------

Stable on alpha.

------- Comment #6 From Thierry Carrez (RETIRED) 2005-04-30 07:41:57 0000 -------

GLSA 200504-29
Thanks Jean-Fran

------- Comment #7 From Thierry Carrez (RETIRED) 2005-04-30 07:41:57 0000 -------

GLSA 200504-29
Thanks Jean-François for the draft :)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 90851

www-servers/pound: "add_port()" Function Buffer Overflow Vulnerability

Last modified: 2005-04-30 07:41:57 0000