Bug 566122 (CVE-2015-8107) - <app-text/a2ps-4.14-r1: format string vulnerability leading to code execution (CVE-2015-8107)
Status: RESOLVED FIXED
Alias: CVE-2015-8107
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa]
Reported: 2015-11-18 14:03 UTC by Agostino Sarubbo
Modified: 2017-01-21 18:29 UTC

Description Agostino Sarubbo gentoo-dev 2015-11-18 14:03:53 UTC
From ${URL} :

When a user runs a2ps with a maliciously crafted pro (a2ps prologue) file, an attacker can execute
arbitrary code. The function output_file processes the %Expand command in the pro file. The variable
`expansion' in the function output_file may hold a malicious input string, which can be used as a
format argument of vsprintf.

No upstream patch is available at this moment.

Original report:

http://seclists.org/oss-sec/2015/q4/284


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
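
The flaw class named in the description above, text from the prologue file reaching a printf-family function as its format argument, shown beside the corrected call. This is an added example, not a2ps source and not part of the bug report; `out_printf`, `emit_unsafe`, `emit_safe`, `has_conversion` and the sample string are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style output helper; not a2ps code. */
static int out_printf(char *dst, size_t n, const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    int len = vsnprintf(dst, n, format, ap);
    va_end(ap);
    return len;
}

/* Flawed pattern: text taken from the file becomes the format string. */
int emit_unsafe(char *dst, size_t n, const char *expansion)
{
    return out_printf(dst, n, expansion);
}

/* Corrected pattern: constant format, file text is only ever an argument. */
int emit_safe(char *dst, size_t n, const char *expansion)
{
    return out_printf(dst, n, "%s", expansion);
}

/* Review aid: does the text contain any conversion other than "%%"? */
int has_conversion(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        return 1;   /* "%s", "%x", ... or a trailing lone '%' */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample; "%%" keeps the flawed call well-defined here. */
    const char *expansion = "scale 100%% of page";
    char a[64], b[64];
    emit_unsafe(a, sizeof a, expansion);
    emit_safe(b, sizeof b, expansion);
    printf("as format:   %s\nas argument: %s\n", a, b);
    return 0;
}
```

The two outputs differ ("100%" versus "100%%"), which shows the file text being interpreted rather than copied; building with `-Wformat -Wformat-security` flags the same pattern when it reaches `printf`-family functions directly.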
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-21 18:29:12 UTC
RH/Fedora has https://bugzilla.redhat.com/show_bug.cgi?id=1283156#c2 to fix CVE-2015-8107.

In Gentoo we have https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-text/a2ps/files/a2ps-4.14-cleanup.patch?view=log which fixes the same things.


No PoC for ACE/RCE, downgraded to B3.

GLSA Vote: No

Repository is clean.