Summary: dev-lang/nasm-0.98.38: error() overflows buff[]

| Field | Value |
|---|---|
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Status | RESOLVED FIXED |
| Severity | normal |
| Priority | High |
| Version | unspecified |
| Hardware | All |
| OS | All |
| Reporter | Sascha Silbe <sascha-gentoo-bugzilla> |
| Assignee | Gentoo Security <security> |
| CC | mr_bones_ |
| Whiteboard | B2 [glsa] lewk |
| Package list | |
| Runtime testing required | --- |
| Attachments | |
Description

Sascha Silbe, 2004-12-15 05:16:24 UTC

Created attachment 46029: 22.S from advisory

upstream is fixing: http://sourceforge.net/mailarchive/forum.php?thread_id=6166881&forum_id=4978

Created attachment 46130 (diff): nasm-0.98.38-overflow.patch

Patch to fix vsprintf vulnerabilities.

Mr Bones, please verify and apply patch.

It didn't "exploit" like it was described on the advisory but it did segfault. Applying the patch prevented the segfault.

Added to portage, rev bumped and removed all previous versions of the ebuild. glep at will.

The exploit is for a specific environment (FreeBSD 4.x, x86 etc.) and would need to be adapted to the environment you're trying it on (Linux 2.6, etc.) to do exactly what is described. The SegFault shows that you're most probably vulnerable, though. Thanks for releasing a fixed ebuild!

Security, please vote on GLSA.

B2 doesn't call a vote. Only A4, B3, B4, C3 do... so GLSA there will be.

GLSA 200412-20
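The defect class this bug describes, an error()-style helper that vsprintf()s a caller-supplied message into a fixed-size buff[], and the shape of the vsprintf-to-vsnprintf fix the attached patch is described as making, shown as an added example. This is not nasm's source and not the content of nasm-0.98.38-overflow.patch; the function name `format_error_safe`, the helper names and the buffer size `BUFF_SIZE` are assumptions for illustration.

```c
/* Added example (not nasm's source or the bug's patch): the defect class the
 * bug reports is an error()-style helper that vsprintf()s a caller-supplied
 * message into a fixed-size stack buffer. Names and BUFF_SIZE are assumed. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define BUFF_SIZE 64   /* assumed; the real size of nasm's buff[] is not on the page */

/* Before (the reported pattern, not invoked here):
 *     char buff[BUFF_SIZE];
 *     vsprintf(buff, fmt, ap);   -- unbounded: a long %s argument writes past buff[]
 *
 * After: vsnprintf() bounded by the buffer size. Returns 1 if the message had
 * to be truncated, 0 if it fit, -1 on a formatting error. buff is always
 * NUL-terminated on return. */
int format_error_safe(char *buff, size_t size, const char *fmt, ...)
{
    va_list ap;
    int needed;

    if (size == 0)
        return -1;
    va_start(ap, fmt);
    needed = vsnprintf(buff, size, fmt, ap);  /* never writes more than size bytes */
    va_end(ap);
    if (needed < 0) {
        buff[0] = '\0';
        return -1;
    }
    /* vsnprintf reports the length the full message would have had */
    return (size_t)needed >= size ? 1 : 0;
}

/* A message that fits: returns 1 when the buffer holds it unchanged. */
int demo_fits(void)
{
    char buff[BUFF_SIZE];
    int rc = format_error_safe(buff, sizeof buff, "label `%s' redefined", "main");
    return rc == 0 && strcmp(buff, "label `main' redefined") == 0;
}

/* A caller-controlled name far longer than the buffer (the kind of input that
 * overruns buff[] in the unpatched pattern): returns 1 when the hardened
 * helper reports truncation and still leaves a terminated, in-bounds string. */
int demo_truncated(void)
{
    char buff[BUFF_SIZE];
    char longname[256];   /* constructed over-long symbol name */
    int rc;

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    rc = format_error_safe(buff, sizeof buff, "label `%s' redefined", longname);
    return rc == 1 && strlen(buff) == BUFF_SIZE - 1;
}

int main(void)
{
    printf("fits: %d, truncated: %d\n", demo_fits(), demo_truncated());
    return 0;
}
```

The return value matters for the caller: a diagnostic that was silently cut off should at least be reported as such, and a build that enables compiler warnings for unbounded `sprintf`/`vsprintf` use (or bans them outright via a lint rule) catches the "before" pattern before it reaches a release.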