|Summary:|<net-analyzer/echoping-6.0.2_p434 - Buffer Overflow Vulnerabilities (CVE-2010-5111)|
|Product:|Gentoo Security|
|Reporter:|Tim Sammut (RETIRED) <underling>|
|Component:|Vulnerabilities|
|Assignee:|Gentoo Security <security>|
Description Tim Sammut (RETIRED) 2010-12-24 04:42:17 UTC
From the Secunia advisory at $URL:
Description
Some vulnerabilities have been discovered in echoping, which can be exploited by malicious people to potentially compromise a user's system.
1) A boundary error exists within the "TLS_readline()" function in readline.c, which can be exploited to overflow a global buffer by sending an overly long encrypted HTTP reply to echoping. Successful exploitation requires that echoping is compiled with GNU TLS support.
2) A boundary error exists within the "SSL_readline()" function in readline.c, which can be exploited to overflow a global buffer by sending an overly long encrypted HTTP reply to echoping. Successful exploitation requires that echoping is compiled with SSL support.
The vulnerabilities are confirmed in version 6.0.2. Other versions may also be affected.
Comment 1 Jeroen Roovers (RETIRED) 2010-12-24 17:02:08 UTC
Looks like  which has a patch attached.  http://sourceforge.net/tracker/?func=detail&aid=3137686&group_id=4581&atid=104581
Comment 2 Chris Reffett (RETIRED) 2013-09-03 04:33:11 UTC
@maintainers: ping, patching would be nice.
Comment 3 Jeroen Roovers (RETIRED) 2013-09-03 14:09:24 UTC
I'm preparing a new ebuild based on an SVN snapshot.
Comment 4 Jeroen Roovers (RETIRED) 2013-09-03 14:56:10 UTC
Arch teams, please test and mark stable:
=net-analyzer/echoping-6.0.2_p434
Targeted stable KEYWORDS : amd64 x86
Comment 5 Agostino Sarubbo 2013-09-04 12:47:14 UTC
Comment 6 Myckel Habets 2013-09-09 09:48:43 UTC
Builds and runs fine on x86. Please mark stable for x86.
Comment 7 Agostino Sarubbo 2013-09-14 10:21:59 UTC
Comment 8 Sergey Popov 2013-10-17 11:47:24 UTC
Thanks for your work. GLSA request filed.
Comment 9 Sergey Popov 2013-10-28 11:27:07 UTC
CVE number was reassigned - now this is CVE-2010-5111
Confirmation - http://www.openwall.com/lists/oss-security/2013/10/21/9
Comment 10 GLSAMaker/CVETool Bot 2014-06-06 12:56:52 UTC
This issue was resolved and addressed in GLSA 201406-07 at http://security.gentoo.org/glsa/glsa-201406-07.xml by GLSA coordinator Sergey Popov (pinkbyte).