901979 – <sys-auth/skey-1.1.5-r14: Buffer overflow

Bug 901979 - <sys-auth/skey-1.1.5-r14: Buffer overflow

Summary: <sys-auth/skey-1.1.5-r14: Buffer overflow

Status:	IN_PROGRESS

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa?]
Keywords:

Depends on:	904538
Blocks:
	Show dependency tree

Reported:	2023-03-17 21:21 UTC by Sam James
Modified:	2023-04-30 23:46 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2023-03-17 21:21:04 UTC

See https://marc.info/?l=oss-security&m=167892203725404&w=2:

```
We discovered a minor stack-based buffer overflow in OpenBSD's libskey;
it was introduced in July 1997 by the following commit:

https://github.com/openbsd/src/commit/ea55ee16580e7b47c83712c5fd50615f8b1d26ad

and was fixed today by the following commit (thanks to OpenBSD for their
incredibly quick response!):

https://github.com/openbsd/src/commit/848ef98a011b51fa811cb86fe900433edd2db24a

and although the vulnerable function is reachable remotely via OpenSSH,
this bug is useless in practice:

- the hostname of the affected system must be longer than 126 characters
  to trigger this buffer overflow;

- the characters that overflow this buffer are all '\0' characters (the
  filler characters of a strncpy() call).

[...]
```

Comment 1 Sam James archtester

2023-03-17 21:21:16 UTC

Please stable when ready, thanks!

Comment 2 Ulrich Müller gentoo-dev

2023-04-19 07:45:25 UTC

Dropped the buggy r13 revision.