Summary: | dev-util/motor: ktools buffer overflow / privilege escalation (CVE-2005-3863) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Raphael Marichez (Falco) (RETIRED) <falco> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | enhancement | CC: | liquidx, wormo |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://secunia.com/advisories/20329 | | |
Whiteboard: | C2 [glsa] Falco | | |
Package list: | | Runtime testing required: | --- |
Description
Raphael Marichez (Falco) (RETIRED)
2006-05-31 03:14:49 UTC
Patch below:

--- motor-3.2.2.orig/kkstrtext/kkstrtext.h +++ motor-3.2.2/kkstrtext/kkstrtext.h @@ -83,7 +83,7 @@ { \ va_list vgs__ap; char vgs__buf[1024]; \ va_start(vgs__ap, fmt); \ - vsprintf(vgs__buf, fmt, vgs__ap); c = vgs__buf; \ + vsnprintf(vgs__buf, 1024, fmt, vgs__ap); c = vgs__buf; \ va_end(vgs__ap); \ }

http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1.diff.gz

I'm not sure this is exploitable for code injection.

Hi liquidx, please provide a fixed ebuild if possible. Thanks in advance.

Sec-team, we should decide if this is exploitable or not for a GLSA decision.

Hm, as far as I can see, local threat -> execute code, but I don't yet see the privilege escalation here.

Did somebody check whether the other apps depending on ktools were fixed? centericq had glsa-200512-11, groan seems not to be in portage, but Orpheus is, and looking at the Changelog the last change was before the bug was discovered. Not sure of the impact, though.

Any news on this one?

liquidx, please advise.

We should probably patch this one ourselves or hunt that maintainer down.

Sorry, I didn't even realise I still maintain this package. So what is the solution? Get 3.4.0 to portage or apply that patch?

Committed patch from Debian that is the same as the one in the comments. Bumped for motor-3.3.0-r1 and motor-3.4.0-r1 for stable and unstable respectively. I've taken the liberty to mark it stable for motor-3.3.0 for x86, so we need ppc to mark motor-3.3.0-r1 stable as well.

3.3.0-r1 doesn't seem to work too well here; after I create a project it doesn't get added to the project list. On the other hand, 3.4.0-r1 does work fine, so I'll stable it and you can get rid of the vulnerable 3.3.0.

This one is ready for GLSA.

GLSA 200608-27 sent but does not appear on some gentoo-announce recipients...

Falco, either we should close this one or resend (unless it has mysteriously appeared in the meantime).

GLSA resent and received :)
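Review bot: the bound in the added vsnprintf line is a second hard-coded 1024 instead of sizeof(vgs__buf), so the fix only holds while it stays in step with the char vgs__buf[1024] declaration two lines above it in the same macro; suggest vsnprintf(vgs__buf, sizeof(vgs__buf), fmt, vgs__ap) so the limit follows the array. The return value is also discarded, so formatted output that needs more than 1023 bytes is silently truncated before c = vgs__buf; if callers of this macro rely on the complete string, compare the return value against the buffer size and handle the truncated case explicitly. Since the thread notes that other packages ship the same ktools code, the same change is worth checking for in each bundled copy of kkstrtext.h.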