Bug 229157 (CVE-2008-2828) - net-im/tmsnc <0.3.2-r1 UBX Stack-based buffer overflow (CVE-2008-2828)
Summary: net-im/tmsnc <0.3.2-r1 UBX Stack-based buffer overflow (CVE-2008-2828)
Status: RESOLVED FIXED
Alias: CVE-2008-2828
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard: B2 [maskglsa]
Keywords:
Depends on: 240045
Blocks:
Reported: 2008-06-24 01:49 UTC by Robert Buchholz (RETIRED)
Modified: 2009-03-12 14:03 UTC (History)
Attachments
tmsnc-UBX-buffer-overflow-CVE-2008-2828 (core_net.c.patch,600 bytes, patch)
2008-07-06 21:25 UTC, Pierre-Yves Rofes (RETIRED)
Description Robert Buchholz (RETIRED) gentoo-dev 2008-06-24 01:49:58 UTC
CVE-2008-2828 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2828):
  Stack-based buffer overflow in tmsnc allows remote attackers to cause a
  denial of service (crash) and possibly execute arbitrary code via an MSN
  packet with a UBX commands containing a large UBX payload length field.
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-07-06 21:25:22 UTC
Created attachment 159737
tmsnc-UBX-buffer-overflow-CVE-2008-2828

here's the patch from Nico Golde. net-im, please bump as necessary.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-07-21 20:25:01 UTC
(In reply to comment #1)
> Created an attachment (id=159737)
> tmsnc-UBX-buffer-overflow-CVE-2008-2828
> 
> here's the patch from Nico Golde. net-im, please bump as necessary.
> 

*ping*
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-10-04 19:05:58 UTC
+*tmsnc-0.3.2-r1 (04 Oct 2008)
+
+  04 Oct 2008; Robert Buchholz <rbu@gentoo.org>
+  +files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch,
+  +tmsnc-0.3.2-r1.ebuild:
+  Fix stack based buffer overflow (security bug #229157)
+
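Review bot: The message on the last entry line, "Fix stack based buffer overflow (security bug #229157)", gives the bug number but neither the CVE id nor the patch origin. The patch file is already named after CVE-2008-2828 and comment 1 credits the patch to Nico Golde, so consider wording such as "Fix stack based buffer overflow in UBX handling (CVE-2008-2828, security bug #229157), patch by Nico Golde" so the ChangeLog is searchable by CVE and carries attribution.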
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-10-04 19:10:27 UTC
Arches, please test and mark stable:
=net-im/tmsnc-0.3.2-r1
Target keywords : "amd64 hppa ppc x86"
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2008-10-05 17:31:28 UTC
Hmm, I get "The protocols doesn't match"[sic] during login. Any ideas?
Comment 6 Stefan Behte (RETIRED) gentoo-dev Security 2008-10-05 18:09:54 UTC
In June/July there has been a protocol change in ICQ, all ICQ clients were affected.
tmsnc is discontinued, their SVN tree (http://tmsnc.svn.sourceforge.net/viewvc/tmsnc/so) is 2 years old.
If 0.3.2 does not work anymore, it's very likely we won't get a fix.

Proposed solutions:
a) we fix it 
b) remove it from the tree

Also see:
http://forums.gentoo.org/viewtopic-t-698545-highlight-licq.html
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2008-10-05 18:22:47 UTC
I guess I should have tried more than a program startup.

I'm removing arches, let's remove this.
Comment 8 Olivier Crete (RETIRED) gentoo-dev 2009-03-01 21:04:18 UTC
gone from the tree
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2009-03-02 16:11:28 UTC
glsa still to be sent
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2009-03-12 14:03:17 UTC
GLSA 200903-26