Summary: | <media-libs/plib-1.8.5-r1: "ulSetError()" Buffer Overflow Vulnerability (CVE-2011-4620) | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | normal | CC: | games, mr_bones_ | ||||
Priority: | Normal | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | https://secunia.com/advisories/47297/ | ||||||
Whiteboard: | B2 [glsa cve] | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Agostino Sarubbo
2011-12-21 16:09:30 UTC
CVE-2011-4620 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4620): Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information. @games: openSUSE has a patch [1] for this and bug 440762 we may be able to use since upstream has not updated. [1] https://build.opensuse.org/request/show/144547 that patch looks terrible. vsnprintf null-terminates. Created attachment 423696 [details, diff] Patch from debian Extracted from the patch at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654785 Package revbumped per [0]. Arch teams, please test and mark stable: =media-libs/plib-1.8.5-r1 Targeted stable KEYWORDS : alpha amd64 hppa ppc sparc x86 [0]: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2c3350ada353ca2c523210909a4fea07fcc5a10 amd64 stable @arches, still pending stabilization on: alpha, hppa, ppc, sparc, and x86. @games, once stable please remove vulnerable version 1.8.5. *** Bug 576016 has been marked as a duplicate of this bug. *** Stable for HPPA. Stable on alpha. x86 stable ppc stable sparc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. New GLSA opened. This issue was resolved and addressed in GLSA 201606-16 at https://security.gentoo.org/glsa/201606-16 by GLSA coordinator Aaron Bauman (b-man). |