717944 – (CVE-2019-17455) <net-libs/libntlm-1.6: Buffer overflow in tSmbNtlmAuth{Request,Challenge} (CVE-2019-17455)

Bug 717944 (CVE-2019-17455) - <net-libs/libntlm-1.6: Buffer overflow in tSmbNtlmAuth{Request,Challenge} (CVE-2019-17455)

Summary: <net-libs/libntlm-1.6: Buffer overflow in tSmbNtlmAuth{Request,Challenge} (CV...

Status:	RESOLVED FIXED

Alias:	CVE-2019-17455

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa cve]
Keywords:	CC-ARCHES

Depends on:
Blocks:	EAPI5Removal
	Show dependency tree

Reported:	2020-04-17 20:57 UTC by GLSAMaker/CVETool Bot
Modified:	2020-07-29 00:20 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	net-libs/libntlm-1.6
Runtime testing required:	---

Flags:	nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2020-04-17 20:57:48 UTC

CVE-2019-17455 (https://nvd.nist.gov/vuln/detail/CVE-2019-17455):
  Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest,
  tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations,
  as demonstrated by a stack-based buffer over-read in buildSmbNtlmAuthRequest
  in smbutil.c for a crafted NTLM request.

Comment 1 Larry the Git Cow gentoo-dev

2020-07-19 00:35:35 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ddde72881ac2e304d026697e581bc4e621977ad4

commit ddde72881ac2e304d026697e581bc4e621977ad4
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-19 00:31:02 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-19 00:35:27 +0000

    net-libs/libntlm: security bump to 1.6
    
    Bug: https://bugs.gentoo.org/717944
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 net-libs/libntlm/Manifest           |  1 +
 net-libs/libntlm/libntlm-1.6.ebuild | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+)

Comment 2 Sam James archtester

2020-07-20 15:20:23 UTC

arm64 stable

Comment 3 Sam James archtester

2020-07-20 15:30:48 UTC

arm stable

Comment 4 Sam James archtester

2020-07-20 17:34:19 UTC

x86 stable

Comment 5 Sam James archtester

2020-07-20 17:34:30 UTC

ppc stable

Comment 6 Sam James archtester

2020-07-20 17:34:42 UTC

amd64 stable

Comment 7 Sam James archtester

2020-07-20 18:49:41 UTC

ppc64 stable

Comment 8 Sam James archtester

2020-07-21 00:40:50 UTC

sparc stable

Comment 9 Sam James archtester

2020-07-25 21:02:13 UTC

s390 stable

Comment 10 Sam James archtester

2020-07-27 18:49:44 UTC

hppa: ping

Comment 11 Sam James archtester

2020-07-27 22:56:37 UTC

GLSA vote: no

Comment 12 Rolf Eike Beer archtester

2020-07-28 21:54:31 UTC

dropped to ~hppa

Comment 13 Sam James archtester

2020-07-28 21:55:20 UTC

Needs cleanup.

Comment 14 Larry the Git Cow gentoo-dev

2020-07-29 00:19:52 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c4218ab25dcb10fe03a93ae8e889c024783d1d5

commit 6c4218ab25dcb10fe03a93ae8e889c024783d1d5
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-29 00:19:21 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-29 00:19:37 +0000

    net-libs/libntlm: security cleanup
    
    Bug: https://bugs.gentoo.org/717944
    Package-Manager: Portage-3.0.1, Repoman-2.3.23
    Signed-off-by: Sam James <sam@gentoo.org>

 net-libs/libntlm/Manifest           |  1 -
 net-libs/libntlm/libntlm-1.4.ebuild | 14 --------------
 2 files changed, 15 deletions(-)