Bug 261191 (CVE-2009-0650) - <net-analyzer/tptest-3.1.7-r2: Stack-based buffer overflows (CVE-2009-{0650,0659})
Status: RESOLVED FIXED
Alias: CVE-2009-0650
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
Whiteboard: B1 [glsa]
Reported: 2009-03-04 16:58 UTC by Robert Buchholz (RETIRED)
Modified: 2013-10-26 20:52 UTC (History)
Attachments
Proposed patch to fix the vulnerabilities in the GetStatsFromLine function in tpcommon.c. (tptest-3.1.7.GetStatsFromLine.patch,5.93 KB, patch)
2009-06-11 20:54 UTC, Mansour Moufid
http://milw0rm.com/exploits/8058 (8058.pl,1.20 KB, text/plain)
2009-07-09 21:16 UTC, Robert Buchholz (RETIRED)

Description Robert Buchholz (RETIRED) gentoo-dev 2009-03-04 16:58:41 UTC
CVE-2009-0650 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0650):
  Stack-based buffer overflow in the GetStatsFromLine function in
  TPTEST 3.1.7 and earlier, and possibly 5.02, allows remote attackers
  to cause a denial of service (application crash) and possibly execute
  arbitrary code via a STATS line with a long pwd field.  NOTE: some of
  these details are obtained from third party information.

CVE-2009-0659 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0659):
  Stack-based buffer overflow in the GetStatsFromLine function in
  TPTEST 3.1.7 allows remote attackers to have an unknown impact via a
  STATS line with a long email field.  NOTE: the provenance of this
  information is unknown; the details are obtained solely from third
  party information.
Comment 1 Mansour Moufid 2009-06-11 20:54:33 UTC
Created attachment 194291 [details, diff]
Proposed patch to fix the vulnerabilities in the GetStatsFromLine function in tpcommon.c.

This patch fixes the vulnerability due to strcpy, as well as a couple other potential issues.
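A length-checked field copy of the kind that replaces an unbounded strcpy in a line parser, as an added example; it is not the attached patch and not TPTEST's own code. The line format ("STATS " followed by ';'-separated key=value pairs), the buffer sizes and all function and struct names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed sizes and layout; the real TPTEST structures are not shown on this page. */
#define PWD_MAX   20
#define EMAIL_MAX 40

struct stats_fields {
    char pwd[PWD_MAX];
    char email[EMAIL_MAX];
};

/* Copy the value of "key=" from a ';'-separated line into dst (dst_size bytes).
 * Returns 0 on success, -1 if the key is missing or the value does not fit.
 * An unbounded strcpy() at this point would write past dst for any value
 * longer than dst_size - 1, the bug class the two CVE entries describe. */
static int copy_field(const char *line, const char *key, char *dst, size_t dst_size)
{
    size_t key_len = strlen(key);
    const char *p = line;

    if (dst_size == 0) return -1;
    dst[0] = '\0';
    while (*p != '\0') {
        const char *end = strchr(p, ';');
        size_t tok_len = end ? (size_t)(end - p) : strlen(p);
        if (tok_len > key_len && strncmp(p, key, key_len) == 0 && p[key_len] == '=') {
            size_t val_len = tok_len - key_len - 1;
            if (val_len >= dst_size) return -1;  /* reject instead of truncating */
            memcpy(dst, p + key_len + 1, val_len);
            dst[val_len] = '\0';
            return 0;
        }
        p += tok_len;
        if (*p == ';') p++;
    }
    return -1;
}

/* Parse one line; fails closed if either field is absent or oversized. */
int parse_stats_line(const char *line, struct stats_fields *out)
{
    if (strncmp(line, "STATS ", 6) != 0) return -1;
    line += 6;
    if (copy_field(line, "pwd", out->pwd, sizeof out->pwd) != 0) return -1;
    return copy_field(line, "email", out->email, sizeof out->email);
}
```

Rejecting an oversized field, rather than truncating it, keeps a malformed line from being processed with a silently shortened credential.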
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-07-09 21:16:45 UTC
Created attachment 197416 [details]
http://milw0rm.com/exploits/8058
Comment 3 Chris Reffett (RETIRED) gentoo-dev Security 2013-10-04 20:52:12 UTC
Revbumped with patch. Arches, please test and stabilize:
=net-analyzer/tptest-3.1.7-r2
Target arches: amd64 ppc sparc x86
Comment 4 Agostino Sarubbo gentoo-dev 2013-10-05 06:19:41 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-10-06 07:51:17 UTC
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-10-07 19:29:54 UTC
ppc stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-10-09 17:09:34 UTC
sparc stable
Comment 8 Sergey Popov gentoo-dev 2013-10-10 10:39:58 UTC
GLSA request filed
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2013-10-26 20:52:10 UTC
This issue was resolved and addressed in
 GLSA 201310-16 at http://security.gentoo.org/glsa/glsa-201310-16.xml
by GLSA coordinator Sergey Popov (pinkbyte).