544324 – (CVE-2015-0841) <net-libs/libcapsinetwork-0.3.0-r2: off-by-one error in network code (CVE-2015-0841)

Bug 544324 (CVE-2015-0841) - <net-libs/libcapsinetwork-0.3.0-r2: off-by-one error in network code (CVE-2015-0841)

Summary: <net-libs/libcapsinetwork-0.3.0-r2: off-by-one error in network code (CVE-201...

Status:	RESOLVED FIXED

Alias:	CVE-2015-0841

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	http://www.openwall.com/lists/oss-sec...
Whiteboard:	B2 [glsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2015-03-24 13:15 UTC by Agostino Sarubbo
Modified:	2015-07-10 12:32 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2015-03-24 13:15:18 UTC

From ${URL} :

| There's an off-by-one error in libcapsinetwork network handling code,
| which was merged into monopd in version 0.9.4.
| 
| From src/listener.cpp, Listener::checkActivity():
| 
|   #define MAXLINE 1024
| [...]
|   char *readBuf = new char[MAXLINE];
|   int n = read((*it)->fd(), readBuf, MAXLINE);
|   if (n <= 0) // socket was closed
|   {
|           (*it)->setStatus(Socket::Closed);
|           delete[] readBuf;
|           return; // notification is (still) in earlier iteration
|   }
|   readBuf[n] = 0;
| 
| With an input line longer than 1023, this will write zero at readBuf[1024]
| which is out of bounds.

<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781043>
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781044>



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Sergey Popov gentoo-dev

2015-04-24 11:41:31 UTC

+*libcapsinetwork-0.3.0-r2 (24 Apr 2015)
+
+  24 Apr 2015; Sergey Popov <pinkbyte@gentoo.org>
+  +libcapsinetwork-0.3.0-r2.ebuild,
+  +files/libcapsinetwork-0.3.0-CVE-2015-0841.patch:
+  Revision bump: fix security issue, wrt bug #544324, add multilib support

Let's begin stabilization

Arches, please test and mark stable =net-libs/libcapsinetwork-0.3.0-r2

Target keywords: amd64 ppc sparc x86

Comment 2 Sergey Popov gentoo-dev

2015-04-24 14:24:35 UTC

I have contacted with libcapsinetwork's upstream(it's not actually dead). They incorporate changes of this library in their application(games-server/monopd) and they strongly discourage using this standalone library

In this circumstances, i think it would be better to just lastrite it - it will not harm too much, as there was no consumers in our portage tree.

Comment 3 Sergey Popov gentoo-dev

2015-04-24 14:33:15 UTC

+  24 Apr 2015; Sergey Popov <pinkbyte@gentoo.org> package.mask:
+  Mask net-libs/libcapsinetwork

Comment 4 Michał Górny archtester

2015-05-27 12:38:56 UTC

The package is gone now.

Comment 5 Sergey Popov gentoo-dev

2015-05-29 09:38:28 UTC

GLSA request is filed

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2015-07-10 08:35:03 UTC

This issue was resolved and addressed in
 GLSA 201507-12 at https://security.gentoo.org/glsa/201507-12
by GLSA coordinator Mikle Kolyada (Zlogene).

Comment 7 GLSAMaker/CVETool Bot gentoo-dev

2015-07-10 12:31:58 UTC

CVE-2015-0841 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0841):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.
  
  ** TEMPORARY **
  There's an off-by-one error in libcapsinetwork network handling code, which
  was merged into monopd in version 0.9.4.