Full Disclosure mailing list archives

Re: [SECURITY] [DSA 590-1] New gnats packages fix arbitrary code execution


From: "Phantasmal Phantasmagoria" <phantasmal () hush ai>
Date: Thu, 11 Nov 2004 20:56:00 -0800

On Thu, 09 Nov 2004 09:57:27 -0600 Martin Schulze wrote:
> Package        : gnats
> Vulnerability  : format string vulnerability
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CAN-2004-0623
> BugTraq ID     : 10609
> Debian Bug     : 278577
>
> Khan Shirani discovered a format string vulnerability in gnats, the
> GNU problem report management system.  This problem may be exploited
> to execute arbitrary code.
>
> For the stable distribution (woody) this problem has been fixed in
> version 3.999.beta1+cvs20020303-2.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 4.0-7.
>
> We recommend that you upgrade your gnats package.


There are exactly zero ways of exploiting this "moderately critical"
[1] vulnerability. In fact, it's not a vulnerability at all. If
Shirani had done a two-minute check of the relevant log_msg() calls
(i.e. those with a severity of LOG_ERR as opposed to LOG_INFO) he
would have found zero instances of user-supplied data being used as
an argument.

Before someone embarrasses themselves, please take note that the
LOG_INFO severity log_msg() calls do not get passed to syslog(), as
debug_level can only be set to LOG_INFO by a call to
enable_debugging(), of which there are none.

[1] http://secunia.com/advisories/11069/

Yours pedantically,
Phantasmal Phantasmagoria
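
Added example, not part of the original post and not GNATS source code: a minimal C model of the reachability argument above, showing a severity gate in front of a logger that either re-parses its expanded message as a format string or passes it as data. The names sink, recorded and hardened, the default debug_level and the gate comparison are assumptions made for illustration; the sample input is constructed and harmless.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>               /* only for the LOG_ERR / LOG_INFO constants */

static int debug_level = LOG_ERR; /* assumed default: LOG_INFO is filtered out */
static char recorded[256];        /* what the stand-in sink "wrote to the log" */

/* Stand-in for syslog(): like the real call, it parses its argument as a
   format string. It writes to a buffer so the result can be checked. */
static void sink(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(recorded, sizeof recorded, fmt, ap);
    va_end(ap);
}

/* Hypothetical logger. hardened == 0 hands the expanded message to the
   sink as a format string; hardened == 1 passes it as data via "%s".
   Returns 1 if the message reached the sink, 0 if the gate dropped it. */
static int log_msg(int hardened, int severity, const char *fmt, ...)
{
    char buf[256];
    va_list ap;

    if (severity > debug_level)   /* larger number = less severe */
        return 0;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (hardened)
        sink("%s", buf);
    else
        sink(buf);                /* message is parsed a second time */
    return 1;
}

int main(void)
{
    const char *input = "a%%b";   /* constructed, harmless sample input */

    printf("LOG_INFO reached sink: %d\n", log_msg(0, LOG_INFO, "%s", input));
    log_msg(0, LOG_ERR, "%s", input);
    printf("flawed sink recorded:   %s\n", recorded);
    log_msg(1, LOG_ERR, "%s", input);
    printf("hardened sink recorded: %s\n", recorded);
    return 0;
}
```

When auditing a report like this one, both questions matter: whether any call that passes the gate carries user-supplied data, and whether the sink treats the expanded message as a format or as data.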

