Bugtraq mailing list archives

Re: catdoc-0.90 buffer overruns

From: kragen () POBOX COM (Kragen)
Date: Thu, 12 Nov 1998 17:42:07 -0500


This is not just a security problem if catdoc is run with "privileges
users don't have" --- it's a security problem if you accept any
documents from the outside world and then try to read them with catdoc,
without first checking them to see if they have buffer-overflow
attempts in them.

Since, presumably, the usual reason one runs catdoc is that one person
created a document with Microsoft products and another person, without
Microsoft products available, tries to read that document, this is
essentially a constant security hole.

Kragen

--
<kragen () pobox com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
Irony and sarcasm deflate seriousness, and when your seriousness becomes detum-
escent, you're not held responsible for your thoughts. Irony beats thinking like
rock beats scissors. -- http://www.hyperorg.com/backissues/joho-june2-98.html

Current thread:

WWWBoard Vulnerability Samuel Sparling (Nov 09)
- [Linux] klogd 1.3-22 buffer overflow Michal Zalewski (Sep 10)
  - catdoc-0.90 buffer overruns Duncan Simpson (Nov 10)
    - Re: catdoc-0.90 buffer overruns Kragen (Nov 12)
  - Re: klogd 1.3-22 buffer overflow Neil Bright (Nov 11)
    - Re: klogd 1.3-22 buffer overflow Peter van Dijk (Nov 11)
  - Re: [Linux] klogd 1.3-22 buffer overflow Cory Visi (Nov 11)
  - Re: [Linux] klogd 1.3-22 buffer overflow Martin Schulze (Nov 17)
    - Re: [Linux] klogd 1.3-22 buffer overflow Michal Zalewski (Sep 12)
    - Re: [Linux] klogd 1.3-22 buffer overflow security () PENGUIN NET AU (Nov 17)
    - Update to Microsoft Security Bulletin (MS98-015) Aleph One (Nov 18)
    - Multiple KDE security vulnerabilities (root compromise) David G. Andersen (Nov 18)
    - Sun Security Bulletin #00179 Aleph One (Nov 18)
    - Re: Sun Security Bulletin #00179 Jonathan A. Zdziarski (Nov 19)

(Thread continues...)