
Bug 179778

Summary: dev-lang/tcl < 8.4.15 Buffer Overflow
Product: Gentoo Security
Reporter: Pierre-Yves Rofes (RETIRED) <py>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: normal
CC: tcltk
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/25401/
Whiteboard: B2 [ebuild] p-y
Package list:
Runtime testing required: ---

Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-05-25 17:56:10 UTC
Martin Lemburg has reported a security issue in Tcl, which potentially can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to a boundary error within tcl/win/tclWinReg.c when processing overly long registry key names. This can be exploited to cause a buffer overflow by e.g. creating a malicious registry key and enticing another user to query it with an application using Tcl.

The security issue is reported in versions prior to 8.4.15. Other versions may also be affected.
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-05-25 17:57:53 UTC
Setting status and cc'ing herd. tcltk team, please advise and bump as necessary.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-05-25 18:01:17 UTC
OK, forget about that, it's for Windows only. Sorry for the noise.