Bug 119683 - net-im/sim-0.9.4_pre060114: stack smashing attack in function void ICQClient::snac_buddy
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: x86 Linux
Importance: High normal
Assignee: Peter Volkov (RETIRED)
Reported: 2006-01-20 05:34 UTC by vyp08
Modified: 2006-02-01 00:41 UTC
Description vyp08 2006-01-20 05:34:13 UTC
1. Unmask net-im/sim (I like it!).
2. emerge net-im/sim-0.9.4_pre060114: ok.
3. Run sim, and when it tries to connect to the Internet:
sim: stack smashing attack in function void ICQClient::snac_buddy(short unsigned int, short unsigned int)()
Aborted

My Gentoo:
Portage 2.0.53 (!/make.profile.hardened, gcc-3.4.4, glibc-2.3.5-r2, 2.6.14-hardened-r3 i686)
=================================================================
System uname: 2.6.14-hardened-r3 i686 Intel(R) Celeron(R) CPU 2.60GHz
Gentoo Base System version 1.6.14
dev-lang/python:     2.3.5, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-mtune=pentium4 -O2 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib/X11/xkb /var/bind"
CONFIG_PROTECT_MASK="/etc/terminfo /etc/env.d"
DISTDIR="/usr/local/p/distfiles"
FEATURES="ccache distlocks sandbox"
GENTOO_MIRRORS="   http://mirror.aiya.ru/pub/gentoo/   http://gentoo.osuosl.org         http://www.ibiblio.org/pub/Linux/distributions/gentoo  "
LANG="ru_RU.KOI8-R"
LC_ALL="ru_RU.KOI8-R"
PKGDIR="/usr/local/p/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage/"
PORTDIR_OVERLAY="/usr/local/p/distfiles/portage-my"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acpi alsa avi berkdb crypt cups directfb dlloader dvdr fbcon fortran gdbm gif hardened jpeg lirc mbox milter mmx mmx2 mp3 mpeg ncurses nls nptl nptlonly oav opengl pam perl pic png posix quicktime readline rtc sasl sdl slang sse sse2 ssl svga tcpd tiff truetype truetype-fonts ttf type1-fonts usb userland_GNU userlocales v4l vorbis wmf x86 xinetd xv zlib"
Unset:  ASFLAGS, CTARGET, CXXFLAGS, LDFLAGS, LINGUAS, MAKEOPTS
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2006-01-21 06:49:47 UTC
vyp08: Please, can you test sim compiled with gcc-3.3.x and then report the results? There are some issues with gcc-3.4 in the hardened toolchain.
Comment 2 vyp08 2006-01-23 02:26:47 UTC
#gcc --version
gcc (GCC) 3.3.5-20050130 (Gentoo Hardened 3.3.5.20050130-r1, ssp-3.3.5.20050130-1, pie-8.7.7.1)

emerge & run of net-im/sim-0.9.4_pre060114: fine.
But the mini-icon is fully transparent (x11-libs/qt-3.3.4-r8, x11-wm/fvwm-2.5.12).
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2006-01-31 05:56:42 UTC
I've added a new ebuild, sim-0.9.4_pre060131, and I hope it will fix the SS attack. Please reopen if you can reproduce the bug.
Comment 4 vyp08 2006-02-01 00:41:09 UTC
Re-emerge: all ok. But...
When I try to add a new Jabber account, Sim goes to the Internet without the proxy (Squid) :((.
Log from iptables:
-- cut --
Feb  1 11:09:53 host2 ipt o reject: IN= OUT=eth0 SRC=192.168.0.02 DST=208.245.212.98 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=20048 DF PROTO=TCP SPT=45948 DPT=5222 WINDOW=5840 RES=0x00 SYN URGP=0
-- cut --
I add the new Jabber account by hand in the files contacts.conf and plugins.conf and connect to jabber.org with Squid.
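
A proxy bypass like the one reported in comment 4 can be found mechanically in firewall logs. The following is an added example, not part of the original bug report: it parses netfilter LOG lines and lists new outbound TCP connections that do not go to the proxy. The proxy address 192.168.0.1:3128 and every sample line except the first are constructed assumptions.

```python
import re

# Assumption: the page does not give the Squid address; this one is hypothetical.
PROXY = ("192.168.0.1", 3128)
KV = re.compile(r"(\w+)=(\S*)")

# First line is the log entry from comment 4; the other three are constructed.
SAMPLE = [
    "Feb  1 11:09:53 host2 ipt o reject: IN= OUT=eth0 SRC=192.168.0.02 DST=208.245.212.98 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=20048 DF PROTO=TCP SPT=45948 DPT=5222 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Feb  1 11:10:02 host2 ipt o log: IN= OUT=eth0 SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20111 DF PROTO=TCP SPT=45950 DPT=3128 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Feb  1 11:10:03 host2 ipt i log: IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=3128 DPT=45950 WINDOW=5792 RES=0x00 ACK SYN URGP=0",
    "Feb  1 11:10:05 host2 sshd[411]: session opened for user vyp08",
]

def parse_netfilter(line):
    """Split a netfilter LOG line into key=value fields and bare flag tokens."""
    _, sep, rest = line.partition(" IN=")
    if not sep:
        return None  # not a netfilter LOG line
    body = "IN=" + rest
    fields = dict(KV.findall(body))  # empty values such as "IN=" are kept
    flags = {tok for tok in body.split() if "=" not in tok}  # DF, SYN, ACK, ...
    return fields, flags

def direct_connections(lines, proxy=PROXY):
    """Return (src, dst, dport) for outbound connection attempts that skip the proxy."""
    hits = []
    for line in lines:
        parsed = parse_netfilter(line)
        if parsed is None:
            continue
        f, flags = parsed
        # Outbound packets carry a non-empty OUT= interface.
        if f.get("PROTO") != "TCP" or not f.get("OUT"):
            continue
        # A SYN without ACK is a new connection attempt, not a reply.
        if "SYN" not in flags or "ACK" in flags:
            continue
        dst = (f.get("DST"), int(f.get("DPT", 0)))
        if dst != proxy:
            hits.append((f.get("SRC"), dst[0], dst[1]))
    return hits

if __name__ == "__main__":
    for src, dst, dport in direct_connections(SAMPLE):
        print(f"direct connection bypassing proxy: {src} -> {dst}:{dport}")
```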