Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 91303 - net-proxy/oops: auth() Format String Flaw
Summary: net-proxy/oops: auth() Format String Flaw
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B1? [glsa] jaervosz
Depends on:
Reported: 2005-05-03 06:35 UTC by Jean-François Brunette (RETIRED)
Modified: 2005-05-05 15:36 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Jean-François Brunette (RETIRED) gentoo-dev 2005-05-03 06:35:51 UTC
CVE Reference:  CAN-2005-1121   (Links to External Site)  
Version(s): 1.5.23 and prior versions 
Description:  A format string vulnerability was reported in Oops! A remote user may be able to execute arbitrary code. 

The passwd_mysql/passwd_pgsql module auth() function contains a call to the my_xlog() function that does not include a format string specifier. A remote user can supply a specially crafted HTTP request to trigger the vulnerability and cause the service to crash or execute arbitrary code.

A demonstration exploit request is provided:

GET http://%s%s%s%s%s%s%s%s/ HTTP/1.0
Proxy-Authorization: Basic Z2hjOnJzdA==

The flaw resides in 'passwd_sql.c'.

Edisan from RST/GHC reported this vulnerability. 
Impact:  A remote user can cause the service to crash or execute arbitrary code.
Solution:  A patch is available at:
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-03 13:26:25 UTC
net-proxy please advise.
Comment 2 Alin Năstac (RETIRED) gentoo-dev 2005-05-03 15:36:10 UTC
bug confirmed.
I've bumped version to the current 1.5.24 pre-release and marked as stable on x86.
Comment 3 Gustavo Zacarias (RETIRED) gentoo-dev 2005-05-04 06:36:52 UTC
sparc done.
Comment 4 Luke Macken (RETIRED) gentoo-dev 2005-05-05 15:36:16 UTC
GLSA 200505-02, thanks everyone!