| Summary: | app-office/abiword: format string vulnerability | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tavis Ormandy (RETIRED) <taviso> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | gnome |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Other | ||
| Whiteboard: | C2? [noglsa] jaervosz | ||
| Package list: | Runtime testing required: | --- | |
testcase would be saving a file called foo%.500x%n%n%n%n%nbar.abw or something, modifying the file, then attempting to exit without saving.

Thx Tavis, has upstream been notified?

They have now :) http://bugzilla.abisource.com/show_bug.cgi?id=9201

upstream report the issue has now been fixed in their cvs repository

Gnome team: feel like patching ? Or wait for a new release ?

patching would be fine by me, but i have zero time this week so won't get around to it anytime soon. If any of the security folk care to do it ?

Tavis, feel like pushing the patch in ? Anyone else in Gnome herd ?

All 3 builds have been revbumped and patched. old ( non rev bumped ) ebuilds w/o the patch were removed.

Ready for GLSA

Hmm, let's rather vote... It's a quite complicated path to social engineer (especially the "quit without saving" part). I would vote a weak NO.

I vote NO.

Voting no too -> closing
libaudit noticed a format string vulnerability in abiword:

Jun 24 23:47:00 insomniac abiword-2.2: warn: non-literal format string contains no specifiers: vsprintf(0x88ed868, "Save changes to document Statement.abw before closing?");

Of questionable security impact, a user would have to open, modify and then attempt to exit abiword with a very dodgy looking filename, but it should be fixed nonetheless.

suggested fix, around line 761 of abi/src/af/xap/xp/xap_Frame.cpp - pDialog->setMessage(szNewMessage); + pDialog->setMessage("%s", szNewMessage);
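
Review bot: the added line pDialog->setMessage("%s", szNewMessage); corrects only this one call site in xap_Frame.cpp, while setMessage itself still treats its first argument as a format string, so any other caller that passes a non-literal string keeps the same defect. I would check the remaining setMessage callers in the same pass and, if the declaration can be touched, mark it with the compiler's printf format attribute so that -Wformat-security reports a non-literal first argument at build time. The libaudit line also shows the text reaching vsprintf, which is unbounded; with "%s" the complete file name is now copied through, so it is worth confirming the destination buffer is sized for a long document name.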
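
The two call shapes from the suggested fix, side by side, as an added C example that is not AbiWord's code: `set_message`, `prompt` and `count_conversions` are hypothetical names, and the file names are constructed. The report's test-case name is only scanned here, never passed as a format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the dialog's printf-style setMessage(). */
static int set_message(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);  /* bounded, unlike vsprintf */
    va_end(ap);
    return n;
}

/* Build the prompt text, then hand it to set_message() either as the format
 * itself (the pre-fix call shape) or as data for "%s" (the suggested fix). */
static int prompt(char *out, size_t cap, const char *name, int fixed)
{
    char text[256];
    snprintf(text, sizeof text, "Save changes to document %s before closing?", name);
    return fixed ? set_message(out, cap, "%s", text)
                 : set_message(out, cap, text);
}

/* Count '%' conversions in s; "%%" is an escape and does not count. A result
 * above zero means s must never be used as a format string. */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++)
        if (*s == '%') {
            if (s[1] == '%') s++;   /* escaped percent sign */
            else n++;
        }
    return n;
}

int main(void)
{
    char out[256];
    /* Constructed name "100%%.abw": safe to format, since "%%" reads no
     * argument, yet it shows the pre-fix call rewriting the file name. */
    prompt(out, sizeof out, "100%%.abw", 0);
    printf("pre-fix: %s\n", out);
    prompt(out, sizeof out, "100%%.abw", 1);
    printf("fixed:   %s\n", out);
    printf("conversions: %d\n", count_conversions("foo%.500x%n%n%n%n%nbar.abw"));
    return 0;
}
```

The pre-fix call collapses `%%` in the name to a single `%`, which shows the name is being interpreted; the `"%s"` call reproduces it byte for byte.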