Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 154315 - sys-cluster/openpbs Possible multiple issues (CVE-2006-5616)
Summary: sys-cluster/openpbs Possible multiple issues (CVE-2006-5616)
Status: RESOLVED DUPLICATE of bug 153495
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/22637/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-11-06 23:38 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2006-11-10 05:19 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
OpenPBS_2_3_16-security.diff (OpenPBS_2_3_16-security.diff,4.34 KB, patch)
2006-11-06 23:39 UTC, Sune Kloppenborg Jeppesen (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-11-06 23:38:27 UTC
Untested patch from Thomas Biege.

summary:
- strncpy() off-by-one
- return value check for setuid()
- zero'ize rbuf
- off-by-one in while (cp < &rbuf[BUFSIZ] && ch != '\n'); 
- verify/limit values of: size, blksize, need
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-11-06 23:39:18 UTC
Created attachment 101375 [details, diff]
OpenPBS_2_3_16-security.diff
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2006-11-07 03:17:48 UTC
is this http://secunia.com/advisories/22637/ :: 
CVE-2006-5616 :: http://lists.suse.com/archive/suse-security-announce/2006-Oct/0007.html
?
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-11-07 11:55:28 UTC
Seems to be the same, though I didn't check wether the patches match.
Comment 4 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-11-10 05:19:19 UTC

*** This bug has been marked as a duplicate of 153495 ***