Bug 154315

Summary:

sys-cluster/openpbs Possible multiple issues (CVE-2006-5616)

Product:

Gentoo Security

Reporter:

Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>

Component:

Vulnerabilities

Assignee:

Gentoo Security <security>

Status:

RESOLVED DUPLICATE

Severity:

normal

Priority:

High

Version:

unspecified

Hardware:

All

OS:

Linux

URL:

http://secunia.com/advisories/22637/

Whiteboard:

Package list:

Runtime testing required:

---

Attachments:

Description	Flags
OpenPBS_2_3_16-security.diff	none

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-11-06 23:38:27 UTC

Untested patch from Thomas Biege.

summary:
- strncpy() off-by-one
- return value check for setuid()
- zero'ize rbuf
- off-by-one in while (cp < &rbuf[BUFSIZ] && ch != '\n'); 
- verify/limit values of: size, blksize, need

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-11-06 23:39:18 UTC

Created attachment 101375 [details, diff]
OpenPBS_2_3_16-security.diff

Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev

2006-11-07 03:17:48 UTC

is this http://secunia.com/advisories/22637/ :: 
CVE-2006-5616 :: http://lists.suse.com/archive/suse-security-announce/2006-Oct/0007.html
?

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-11-07 11:55:28 UTC

Seems to be the same, though I didn't check wether the patches match.

Comment 4 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2006-11-10 05:19:19 UTC


*** This bug has been marked as a duplicate of 153495 ***