197576 – (CVE-2007-5723) net-firewall/nufw < 2.2.7 samp_send Buffer overflow (DoS) (CVE-2007-5723)

Bug 197576 (CVE-2007-5723) - net-firewall/nufw < 2.2.7 samp_send Buffer overflow (DoS) (CVE-2007-5723)

Summary: net-firewall/nufw < 2.2.7 samp_send Buffer overflow (DoS) (CVE-2007-5723)

Status:	RESOLVED FIXED

Alias:	CVE-2007-5723

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/27442
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2007-10-31 00:49 UTC by Robert Buchholz (RETIRED)
Modified:	2007-11-12 13:13 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2007-10-31 00:49:29 UTC

CVE-2007-5723 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5723):
  Heap-based buffer overflow in the samp_send function in nuauth/sasl.c in NuFW
  before 2.2.7 allows remote attackers to cause a denial of service via
  unspecified input on which base64 encoding is performed. NOTE: some of these
  details are obtained from third party information.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2007-10-31 00:53:17 UTC

Netmon, Cédric, please advise.

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2007-11-12 02:39:32 UTC

Netmon, cedk is marked away. Are you touching this package?

Comment 3 Peter Volkov (RETIRED) gentoo-dev

2007-11-12 13:06:14 UTC

Thank you Rober for report. nufw-2.2.7 is in portage. Old vulnerable versions are cleaned. No versions were stable. Bug is FIXED. Leaving for security to update whiteboard and resolve bug.

Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-11-12 13:13:02 UTC

thanks Peter.