Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 544324 (CVE-2015-0841)

Summary: <net-libs/libcapsinetwork-0.3.0-r2: off-by-one error in network code (CVE-2015-0841)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: pinkbyte
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.openwall.com/lists/oss-security/2015/03/23/20
Whiteboard: B2 [glsa cve]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2015-03-24 13:15:18 UTC 
From ${URL} :

| There's an off-by-one error in libcapsinetwork network handling code,
| which was merged into monopd in version 0.9.4.
| 
| From src/listener.cpp, Listener::checkActivity():
| 
|   #define MAXLINE 1024
| [...]
|   char *readBuf = new char[MAXLINE];
|   int n = read((*it)->fd(), readBuf, MAXLINE);
|   if (n <= 0) // socket was closed
|   {
|           (*it)->setStatus(Socket::Closed);
|           delete[] readBuf;
|           return; // notification is (still) in earlier iteration
|   }
|   readBuf[n] = 0;
| 
| With an input line longer than 1023, this will write zero at readBuf[1024]
| which is out of bounds.

<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781043>
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781044>



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Sergey Popov (RETIRED) gentoo-dev 2015-04-24 11:41:31 UTC 
+*libcapsinetwork-0.3.0-r2 (24 Apr 2015)
+
+  24 Apr 2015; Sergey Popov <pinkbyte@gentoo.org>
+  +libcapsinetwork-0.3.0-r2.ebuild,
+  +files/libcapsinetwork-0.3.0-CVE-2015-0841.patch:
+  Revision bump: fix security issue, wrt bug #544324, add multilib support

Let's begin stabilization

Arches, please test and mark stable =net-libs/libcapsinetwork-0.3.0-r2

Target keywords: amd64 ppc sparc x86
Comment 2 Sergey Popov (RETIRED) gentoo-dev 2015-04-24 14:24:35 UTC 
I have contacted with libcapsinetwork's upstream(it's not actually dead). They incorporate changes of this library in their application(games-server/monopd) and they strongly discourage using this standalone library

In this circumstances, i think it would be better to just lastrite it - it will not harm too much, as there was no consumers in our portage tree.
Comment 3 Sergey Popov (RETIRED) gentoo-dev 2015-04-24 14:33:15 UTC 
+  24 Apr 2015; Sergey Popov <pinkbyte@gentoo.org> package.mask:
+  Mask net-libs/libcapsinetwork
Comment 4 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2015-05-27 12:38:56 UTC 
The package is gone now.
Comment 5 Sergey Popov (RETIRED) gentoo-dev 2015-05-29 09:38:28 UTC 
GLSA request is filed
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2015-07-10 08:35:03 UTC 
This issue was resolved and addressed in
 GLSA 201507-12 at https://security.gentoo.org/glsa/201507-12
by GLSA coordinator Mikle Kolyada (Zlogene).
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2015-07-10 12:31:58 UTC 
CVE-2015-0841 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0841):
  ** RESERVED ** This candidate has been reserved by an organization or
  individual that will use it when announcing a new security problem. When the
  candidate has been publicized, the details for this candidate will be
  provided.
  
  ** TEMPORARY **
  There's an off-by-one error in libcapsinetwork network handling code, which
  was merged into monopd in version 0.9.4.