Bug 243228 (CVE-2008-3863) - app-text/enscript <1.6.4-r4: read_special_escape() buffer overflow (CVE-2008-{3863,4306})
Summary: app-text/enscript <1.6.4-r4: read_special_escape() buffer overflow (CVE-2008-...
Status: RESOLVED FIXED
Alias: CVE-2008-3863
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/secunia_research/2...
Whiteboard: B1/2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-10-22 15:49 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2008-12-02 17:28 UTC (History)
CC: 2 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2008-10-22 15:49:38 UTC
====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in GNU Enscript, which 
can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the 
"read_special_escape()" function in src/psgen.c. This can be exploited
to cause a stack-based buffer overflow by tricking the user into 
converting a malicious file.

Successful exploitation allows execution of arbitrary code, but
requires that special escapes processing is enabled with the "-e" 
option.
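The boundary error described above, as an added illustration that is not enscript's source and not part of the Secunia advisory: a constructed, simplified reader for a special-escape argument of the form `{argument}` (the real enscript escape syntax and the actual code in src/psgen.c are not reproduced here). The unbounded reader copies into a fixed-size stack buffer until it sees the closing brace, so an overlong argument in an input file overwrites the stack; the bounded variant checks the remaining space on every byte and rejects overlong arguments. Buffer size, function names and the sample inputs are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Assumed size of the on-stack argument buffer in this constructed example. */
#define ARG_BUF 16

/* Vulnerable pattern: copy until '}' with no check against the size of buf.
 * With an argument longer than ARG_BUF-1 bytes this writes past the caller's
 * stack buffer (the class of bug described in the advisory). Shown only; the
 * example never calls it with an overlong argument. */
static int read_escape_unbounded(const char *in, char *buf /* ARG_BUF bytes */)
{
    size_t i = 0;
    if (*in != '{')
        return -1;
    in++;
    while (*in && *in != '}')
        buf[i++] = *in++;       /* no bound check: stack smash on long input */
    if (*in != '}')
        return -1;              /* unterminated escape */
    buf[i] = '\0';
    return (int)i;
}

/* Hardened variant: the caller passes the buffer size, the copy stops with
 * room for the terminating NUL, and an overlong argument is an error (-2)
 * rather than silently truncated or overflowed. */
static int read_escape_bounded(const char *in, char *buf, size_t buflen)
{
    size_t i = 0;
    if (buflen == 0 || *in != '{')
        return -1;
    in++;
    while (*in && *in != '}') {
        if (i + 1 >= buflen)
            return -2;          /* argument would not fit: reject the escape */
        buf[i++] = *in++;
    }
    if (*in != '}')
        return -1;              /* unterminated escape */
    buf[i] = '\0';
    return (int)i;
}

/* Convenience wrapper with an ARG_BUF-byte stack buffer, as a caller would
 * have. Returns the argument length, -1 on malformed input, -2 on overflow. */
int parse_escape_arg(const char *in)
{
    char buf[ARG_BUF];
    return read_escape_bounded(in, buf, sizeof buf);
}

/* How many bytes the unbounded reader would write (argument plus NUL) for a
 * given input, so the overflow can be shown without executing it. */
size_t unbounded_bytes_written(const char *in)
{
    size_t n = 0;
    if (*in != '{')
        return 0;
    for (in++; *in && *in != '}'; in++)
        n++;
    return n + 1;
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one that does not. */
    const char *ok  = "{font:Times}";
    const char *bad = "{AAAAAAAAAAAAAAAAAAAA}";   /* 20-byte argument */
    char buf[ARG_BUF];

    printf("unbounded, short input: %d\n", read_escape_unbounded(ok, buf));
    printf("bounded,   short input: %d\n", parse_escape_arg(ok));
    printf("bounded,   long input:  %d\n", parse_escape_arg(bad));
    printf("unbounded would write %zu bytes into a %d-byte buffer\n",
           unbounded_bytes_written(bad), ARG_BUF);
    return 0;
}
```

The fix shape here (size passed explicitly, check before every store, error on overflow) is the general pattern; the distribution patches referenced later in this bug are the authoritative fix for enscript itself.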
Comment 1 Christian Hoffmann (RETIRED) gentoo-dev 2008-10-22 16:36:47 UTC
Setting whiteboard.

Upstream (in $URL) looks rather dead, our most recent in-tree version (1.6.4) isn't even on their FTP, but it's here: http://www.codento.com/people/mtr/genscript/ (which does not look too active either).

Maybe we can borrow patches from other distributions.
Comment 2 Christian Hoffmann (RETIRED) gentoo-dev 2008-10-22 16:40:39 UTC
Not sure about B2, could also be B1 as enscript can be used in trac for parsing user-supplied data, if I remember correctly.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-11-07 13:41:19 UTC
Let's go with the SUSE+RedHat patch:
https://bugzilla.redhat.com/attachment.cgi?id=322032
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3863

printing, please apply and bump.
Comment 4 Timo Gurr (RETIRED) gentoo-dev 2008-11-07 16:46:49 UTC
Applied and revbumped, enscript-1.6.4-r4 in the tree. I've also borrowed another Fedora patch to repair emake install.
Comment 5 Christian Hoffmann (RETIRED) gentoo-dev 2008-11-07 16:51:37 UTC
Arches, please test and mark stable
  =app-text/enscript-1.6.4-r4

Target keywords: alpha amd64 hppa ia64 ppc ppc64 sparc x86
Comment 6 Ferris McCormick (RETIRED) gentoo-dev 2008-11-07 18:13:38 UTC
Sparc stable, working fine for me.
Comment 7 Markus Meier gentoo-dev 2008-11-08 12:53:46 UTC
amd64/x86 stable
Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2008-11-08 16:59:57 UTC
alpha/ia64 stable
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2008-11-08 17:01:34 UTC
Stable for HPPA.
Comment 10 Markus Rothe (RETIRED) gentoo-dev 2008-11-12 18:06:18 UTC
ppc64 stable
Comment 11 Tobias Scherbaum (RETIRED) gentoo-dev 2008-11-15 18:44:35 UTC
ppc stable
Comment 12 Robert Buchholz (RETIRED) gentoo-dev 2008-12-02 17:28:37 UTC
GLSA 200812-02