Bug 191005 - net-im/centerim-4.22.1_p20070618 gets killed for stack smashing attack
Summary: net-im/centerim-4.22.1_p20070618 gets killed for stack smashing attack
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: AMD64 Linux
Importance: High normal
Assignee: Sven Wegener
Reported: 2007-09-01 21:10 UTC by Sven Nierlein
Modified: 2012-12-15 13:26 UTC (History)
Description Sven Nierlein 2007-09-01 21:10:33 UTC
trying to start centerim produces the following output:

centerim: stack smashing attack in function void icqconf::loadsounds() - terminated Report to http://bugs.gentoo.org/

building a version from the source with:
./configure --disable-yahoo --disable-aim --disable-irc --disable-jabber --disable-gg --disable-msn --disable-rss --disable-lj --prefix=/home/me/centerim --with-ssl
works fine.

Reproducible: Always

Steps to Reproduce:
1. emerge net-im/centerim-4.22.1_p20070618 USE="crypt icq nls ssl -aim -bidi -gadu -irc -jabber -lj -msn -rss -yahoo"
2. ./centerim

Actual Results:
centerim: stack smashing attack in function void icqconf::loadsounds() - terminated Report to http://bugs.gentoo.org/

Expected Results:
centerim should start

emerge --info:
Portage 2.1.2.12 (hardened/amd64, gcc-3.4.6, glibc-2.5-r4, 2.6.11-gentoo-r6 x86_64)
=================================================================
System uname: 2.6.11-gentoo-r6 x86_64 AMD Athlon(tm) 64 Processor 3000+
Gentoo Base System release 1.12.9
Timestamp of tree: Sat, 01 Sep 2007 07:30:01 +0000
app-shells/bash:     3.2_p17 
dev-java/java-config: 1.3.7, 2.0.33-r1
dev-lang/python:     2.3.5-r3, 2.4.4-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17  
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16 
sys-devel/libtool:   1.5.24  
virtual/os-headers:  2.6.21  
ABI="amd64"
ACCEPT_KEYWORDS="amd64"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol"
ARCH="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu" 
CDEFINE_amd64="__x86_64__"   
CFLAGS="-march=athlon64 -pipe"
CHOST="x86_64-pc-linux-gnu"  
CHOST_amd64="x86_64-pc-linux-gnu"
CLASSPATH="."
CLEAN_DELAY="5"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CVS_RSH="ssh"
CXXFLAGS="-march=athlon64 -pipe"
DEFAULT_ABI="amd64"
DISTDIR="/usr/portage/distfiles"
EDITOR="/usr/bin/vim"
ELIBC="glibc"
EMERGE_WARNING_DELAY="10"
FEATURES="distlocks metadata-transfer sandbox sfperms strict"
FETCHCOMMAND="/usr/bin/wget -t 5 -T 60 --passive-ftp -O ${DISTDIR}/${FILE} ${URI}"
GCC_PATH="/usr/x86_64-pc-linux-gnu/gcc-bin/3.4.6"
GCC_SPECS=""
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
G_BROKEN_FILENAMES="1"
G_FILENAME_ENCODING="UTF-8"  
HISTCONTROL="ignoredups"
HOME="/root"
INFOPATH="/usr/share/info:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.17/info:/usr/share/gcc-data/x86_64-pc-linux-gnu/3.4.6/info"
INPUT_DEVICES="mouse keyboard"
JAVAC="/etc/java-config-2/current-system-vm/bin/javac"
JAVA_HOME="/etc/java-config-2/current-system-vm"
JDK_HOME="/etc/java-config-2/current-system-vm"
KERNEL="linux"
LANG="en_US.utf8"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LDFLAGS_amd64="-m elf_x86_64"
LESS="-R -M --shift 5"
LESSOPEN="|lesspipe.sh %s"   
LIBDIR_amd64="lib64"
LINGUAS="en"
LOGNAME="root"
LS_COLORS="no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:su=37;41:sg=30;43:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.pdf=00;32:*.ps=00;32:*.txt=00;32:*.patch=00;32:*.diff=00;32:*.log=00;32:*.tex=00;32:*.doc=00;32:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:"
LS_OPTIONS="--color=auto"
MAKEOPTS="-j2"
MANPATH="/etc/java-config-2/current-system-vm/man:/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/x86_64-pc-linux-gnu/2.17/man:/usr/share/gcc-data/x86_64-pc-linux-gnu/3.4.6/man:/etc/java-config/system-vm/man/:/usr/lib64/php5/man/"
MULTILIB_ABIS="amd64"
NOCOLOR="true"
OLDPWD="/home/sven/irclogs/pilgerer"
PAGER="/usr/bin/less"
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/3.4.6"
PKGDIR="/usr/portage/packages"
PORTAGE_ARCHLIST="ppc s390 amd64 x86 ppc64 x86-fbsd m68k arm sparc sh mips ia64 alpha ppc-macos hppa sparc-fbsd"
PORTAGE_BINHOST_CHUNKSIZE="3000"
PORTAGE_BIN_PATH="/usr/lib64/portage/bin"
PORTAGE_CONFIGROOT="/"
PORTAGE_DEBUG="0"
PORTAGE_DEPCACHEDIR="/var/cache/edb/dep"
PORTAGE_ELOG_CLASSES="log warn error"
PORTAGE_ELOG_MAILFROM="portage"
PORTAGE_ELOG_MAILSUBJECT="[portage] ebuild log for ${PACKAGE} on ${HOST}"
PORTAGE_ELOG_MAILURI="root"  
PORTAGE_GID="250"
PORTAGE_INST_GID="0"
PORTAGE_INST_UID="0"
PORTAGE_NICENESS="10"
PORTAGE_PYM_PATH="/usr/lib64/portage/pym"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_RSYNC_RETRIES="3"
PORTAGE_TMPDIR="/var/tmp"
PORTAGE_WORKDIR_MODE="0700"  
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
PORT_LOGDIR="/var/log/ebuild"
PS1="\t \u@\h:\w \# #>"
PS2="\t \u@\h #>"
PWD="/root"
PYTHONPATH="/usr/lib64/portage/pym"
RESUMECOMMAND="/usr/bin/wget -c -t 5 -T 60 --passive-ftp -O ${DISTDIR}/${FILE} ${URI}"
ROOT="/"
ROOTPATH="/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/3.4.6"
RPMDIR="/usr/portage/rpm"
SHELL="/bin/bash"
SHLVL="1"
STAGE1_USE="hardened pic"
SYMLINK_LIB="yes"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
TERM="linux"
USE="amd64 apache2 bash-completion berkdb cracklib crypt curl gd hardened imap jpeg justify libwww maildir midi mysql nls nptl nptlonly pam pam-mysql pcntl pic png readline sasl slang ssl tcpd truetype unicode urandom xorg zlib" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU"
USER="root"
USERLAND="GNU"
USE_EXPAND="ALSA_CARDS ALSA_PCM_PLUGINS CAMERAS CROSSCOMPILE_OPTS DVB_CARDS ELIBC FCDSL_CARDS FOO2ZJS_DEVICES FRITZCAPI_CARDS INPUT_DEVICES KERNEL LCD_DEVICES LINGUAS LIRC_DEVICES MISDN_CARDS USERLAND VIDEO_CARDS"
USE_EXPAND_HIDDEN="CROSSCOMPILE_OPTS ELIBC KERNEL USERLAND"
USE_ORDER="env:pkg:conf:defaults:pkginternal:env.d"
XARGS="xargs -r"
_="/usr/bin/emerge"
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2007-09-02 01:56:34 UTC
This is not a Gentoo Bugzilla product bug; kindly read the descriptions.
Comment 2 Christian Faulhammer (RETIRED) gentoo-dev 2008-02-12 07:27:39 UTC
Does this still happen with the current version?
Comment 3 Sven Nierlein 2008-04-15 07:39:59 UTC
Current version of centerim doesn't even compile:

/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/../../../../x86_64-pc-linux-gnu/bin/ld: /var/tmp/portage/net-im/centerim-4.22.5/work/centerim-4.22.5/libicq2000/liblibicq2000.a(Client.o): relocation R_X86_64_PC32 against `std::basic_ostringstream<char, std::char_traits<char>, std::allocator<char> >::basic_ostringstream(std::_Ios_Openmode)@@GLIBCXX_3.4' can not be used when making a shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/../../../../x86_64-pc-linux-gnu/bin/ld: final link failed: Bad value
collect2: ld returned 1 exit status
make[3]: *** [centerim] Error 1
make[3]: Leaving directory `/var/tmp/portage/net-im/centerim-4.22.5/work/centerim-4.22.5/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/var/tmp/portage/net-im/centerim-4.22.5/work/centerim-4.22.5/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/net-im/centerim-4.22.5/work/centerim-4.22.5'
make: *** [all] Error 2

 *
 * ERROR: net-im/centerim-4.22.5 failed.
 * Call stack:
 *               ebuild.sh, line   49:  Called src_compile
 *             environment, line 2062:  Called die
 * The specific snippet of code:
 *       emake || die "emake failed"
 *  The die message:
 *   emake failed
Comment 4 Sven Wegener gentoo-dev 2008-06-18 20:57:46 UTC
(In reply to comment #3)
> Current version of centerim doesn't even compile:
> 
> /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/../../../../x86_64-pc-linux-gnu/bin/ld: /var/tmp/portage/net-im/centerim-4.22.5/work/centerim-4.22.5/libicq2000/liblibicq2000.a(Client.o): relocation R_X86_64_PC32 against `std::basic_ostringstream<char, std::char_traits<char>, std::allocator<char> >::basic_ostringstream(std::_Ios_Openmode)@@GLIBCXX_3.4' can not be used when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/../../../../x86_64-pc-linux-gnu/bin/ld: final link failed: Bad value
> collect2: ld returned 1 exit status

Looks like some PIE breakage.

I'm building centerim on this system

Portage 2.1.4.4 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.6.1-r0, 2.6.21-X-x86_64-U x86_64)

and it just works.
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2008-06-19 10:44:13 UTC
(In reply to comment #4)
> (In reply to comment #3)
> > Current version of centerim doesn't even compile:
> > 
> > /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/../../../../x86_64-pc-linux-gnu/bin/ld: /var/tmp/portage/net-im/centerim-4.22.5/work/centerim-4.22.5/libicq2000/liblibicq2000.a(Client.o): relocation R_X86_64_PC32 against `std::basic_ostringstream<char, std::char_traits<char>, std::allocator<char> >::basic_ostringstream(std::_Ios_Openmode)@@GLIBCXX_3.4' can not be used when making a shared object; recompile with -fPIC
> > /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/../../../../x86_64-pc-linux-gnu/bin/ld: final link failed: Bad value
> > collect2: ld returned 1 exit status
> 
> Looks like some PIE breakage.
> 
> I'm building centerim on this system
> 
> Portage 2.1.4.4 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.6.1-r0,
> 2.6.21-X-x86_64-U x86_64)
> 
> and it just works.

Have you thought about reporting this upstream? Maybe they want to know about such failures, too.
Comment 6 Pacho Ramos gentoo-dev 2012-03-19 13:12:29 UTC
Is this still valid with 4.22.10?
Comment 7 Pacho Ramos gentoo-dev 2012-12-15 13:26:03 UTC
(In reply to comment #6)
> Is this still valid with 4.22.10?