Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 197576 (CVE-2007-5723)

Summary: net-firewall/nufw < 2.2.7 samp_send Buffer overflow (DoS) (CVE-2007-5723)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: cedk, netmon
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/27442
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2007-10-31 00:49:29 UTC
CVE-2007-5723 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5723):
  Heap-based buffer overflow in the samp_send function in nuauth/sasl.c in NuFW
  before 2.2.7 allows remote attackers to cause a denial of service via
  unspecified input on which base64 encoding is performed. NOTE: some of these
  details are obtained from third party information.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-10-31 00:53:17 UTC
Netmon, Cédric, please advise.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2007-11-12 02:39:32 UTC
Netmon, cedk is marked away. Are you touching this package?
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2007-11-12 13:06:14 UTC
Thank you Rober for report. nufw-2.2.7 is in portage. Old vulnerable versions are cleaned. No versions were stable. Bug is FIXED. Leaving for security to update whiteboard and resolve bug.
Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-11-12 13:13:02 UTC
thanks Peter.