Bug 468106 - <games-simulation/flightgear-3.0.0: improper handling of format strings
Summary: <games-simulation/flightgear-3.0.0: improper handling of format strings
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://code.google.com/p/flightgear-b...
Whiteboard: B3 [glsa]
Keywords:
Depends on: 505912
Blocks:
Reported: 2013-05-01 10:08 UTC by Agostino Sarubbo
Modified: 2016-03-12 23:18 UTC (History)

See Also:
Package list:
Runtime testing required: ---
Description Agostino Sarubbo gentoo-dev 2013-05-01 10:08:17 UTC
From ${URL} :

It was reported [1] that FlightGear suffers from improper handling of format strings when 
FlightGear is started with allowances for remote access (via the --props or --telnet commandline 
arguments).  If a remote attacker were able to connect to FlightGear and set special parameters 
related with clouds, it could cause FlightGear to crash.

This is due to the cloud name being used as the format string parameter in the snprintf function in 
flightgear/src/Environment/fgclouds.cxx, in the FGClouds::buildLayer() function:


void FGClouds::buildLayer(int iLayer, const string& name, double coverage) {
...
                        do {
                                variety++;
                                // cloud_name, settable over the remote interface, is used as the format string
                                snprintf(variety_name, sizeof(variety_name) - 1, cloud_name.c_str(), variety);
                        } while( box_def_root->getChild(variety_name, 0, false) );


[1] http://kuronosec.blogspot.ca/2013/04/flightgear-remote-format-string.html


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not
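As an added illustration of how the same loop can be written without the untrusted name ever becoming the format argument (a constructed example, not FlightGear's code or its upstream fix): the cloud name is treated as a template with exactly one %d slot, any other conversion is rejected, and the number is spliced in with a fixed format. The function name, the 0/-1 return convention and the sample names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Build "<prefix><variety><suffix>" from a template such as "cumulus%d".
 * The template is data only: it is never passed to snprintf() as its format.
 * Returns 0 on success, -1 if the template is rejected or the output is truncated. */
int build_variety_name(char *out, size_t outsz, const char *cloud_name, int variety) {
    const char *hole = strstr(cloud_name, "%d");
    if (hole == NULL)
        return -1;                          /* no %d slot: nothing to expand */

    /* Reject any '%' other than the one starting the single "%d" (covers %s, %x, %n ...). */
    for (const char *p = cloud_name; *p; p++) {
        if (*p == '%' && p != hole)
            return -1;
    }

    /* Fixed format: prefix as bounded string, the number, then the suffix. */
    int n = snprintf(out, outsz, "%.*s%d%s",
                     (int)(hole - cloud_name), cloud_name, variety, hole + 2);
    if (n < 0 || (size_t)n >= outsz)
        return -1;                          /* truncated: treat as failure, do not use */
    return 0;
}

int main(void) {
    /* Constructed inputs: a well-formed template and one carrying extra conversions. */
    const char *names[] = { "cumulus%d", "cirrus", "stratus%s%d" };
    char variety_name[64];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int rc = build_variety_name(variety_name, sizeof variety_name, names[i], 2);
        printf("%-14s -> %s\n", names[i], rc == 0 ? variety_name : "rejected");
    }
    return 0;
}
```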
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-07-03 01:28:49 UTC
No patch available from upstream, though the problematic block of code is mentioned in $URL. Red Hat has fixed it in their repos but I couldn't find the fix they used.
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2014-08-10 19:09:32 UTC
These issues were fixed with FlightGear 3.0. Maintainers, any reason why ppc was not stabilized in bug 505912? Can we call for stabilization here and get this bug closed?
Comment 3 Maciej Mrozowski gentoo-dev 2014-08-12 21:41:52 UTC
See https://bugs.gentoo.org/show_bug.cgi?id=488552#c6
FlightGear is dropped to ~arch.
I will proceed with removal of <flightgear-3.0.0 from tree.
Comment 4 Maciej Mrozowski gentoo-dev 2014-08-12 22:46:45 UTC
I removed the following versions from tree:

<dev-games/simgear-3.0.0
<games-simulation/flightgear-3.0.0
<games-simulation/flightgear-data-3.0.0


This effectively drops stable ppc keywords from those packages.
PPC users are advised to switch to ~ppc for them.
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2016-02-21 13:07:38 UTC
Very old bug.  amd64 and x86 stable.  Moving to GLSA process.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 23:18:37 UTC
This issue was resolved and addressed in
 GLSA 201603-12 at https://security.gentoo.org/glsa/201603-12
by GLSA coordinator Kristian Fiskerstrand (K_F).