Full Disclosure mailing list archives
Re: [SECURITY] [DSA 590-1] New gnats packages fix arbitrary code execution
From: "Phantasmal Phantasmagoria" <phantasmal () hush ai>
Date: Thu, 11 Nov 2004 20:56:00 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 09 Nov 2004 09:57:27 -0600 Martin Schulze wrote:
> Package        : gnats
> Vulnerability  : format string vulnerability
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CAN-2004-0623
> BugTraq ID     : 10609
> Debian Bug     : 278577
>
> Khan Shirani discovered a format string vulnerability in gnats, the
> GNU problem report management system. This problem may be exploited
> to execute arbitrary code.
>
> For the stable distribution (woody) this problem has been fixed in
> version 3.999.beta1+cvs20020303-2.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 4.0-7.
>
> We recommend that you upgrade your gnats package.
There are exactly zero ways of exploiting this "moderately critical" [1] vulnerability. In fact, it's not a vulnerability at all. If Shirani had done a two minute check of the relevant log_msg() calls (i.e. those with a severity of LOG_ERR as opposed to LOG_INFO) he would have found zero instances of user supplied data being used as an argument.

Before someone embarrasses themselves please take note that the LOG_INFO severity log_msg() calls do not get passed to syslog(), as debug_level can only be set to LOG_INFO by a call to enable_debugging(), of which there are none.

[1] http://secunia.com/advisories/11069/

Yours pedantically,
Phantasmal Phantasmagoria

-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkGUQlwACgkQImcz/hfgxg1+mwCdFH7rMkN3gDZ05JbX7HyslOG+S7QA
nj9OpMofUOIqMDGvHYKJ7vDWtFos
=ukH9
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
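Added example (not part of the original post, and not gnats source code): a simplified C model of a severity-gated logging wrapper of the kind the message describes. It shows that a message less severe than the debug_level threshold never reaches the sink, and that for messages which do, the call form decides whether logged data is parsed as a format string. The names log_msg_model, sink_log, SEV_ERR and SEV_INFO, the default debug_level and the form of the gate comparison are assumptions, and the input strings are constructed.

```c
/* Added illustration: a simplified model, NOT the gnats source. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

enum { SEV_ERR = 3, SEV_INFO = 6 };  /* same numeric order as syslog's LOG_ERR / LOG_INFO */
static int  debug_level = SEV_ERR;   /* assumed default: nothing raises it to SEV_INFO */
static char sink[256];               /* captures what would reach syslog() */
static int  emitted;

/* Stand-in for syslog(): the second argument is a printf-style format. */
static void sink_log(int severity, const char *fmt, ...)
{
    va_list ap;
    (void)severity;
    va_start(ap, fmt);
    vsnprintf(sink, sizeof sink, fmt, ap);
    va_end(ap);
    emitted = 1;
}

/* Hypothetical wrapper; 'harden' selects the form of the sink call. Returns 1 if emitted. */
static int log_msg_model(int severity, const char *msg, const char *arg, int harden)
{
    char buf[200];
    emitted = 0;
    sink[0] = '\0';
    snprintf(buf, sizeof buf, "%s %s", msg, arg);
    if (debug_level < severity)         /* gate: less severe than the threshold, dropped */
        return 0;
    if (harden)
        sink_log(severity, "%s", buf);  /* constant format: the data stays data */
    else
        sink_log(severity, buf);        /* buf itself is parsed as the format string */
    return emitted;
}

const char *last_logged(void) { return sink; }

int main(void)
{
    /* Constructed input: a harmless "%%" makes format interpretation visible. */
    log_msg_model(SEV_ERR, "cannot open", "100%% full", 0);
    printf("unhardened: %s\n", last_logged());
    log_msg_model(SEV_ERR, "cannot open", "100%% full", 1);
    printf("hardened:   %s\n", last_logged());
    return 0;
}
```

Auditing a report like this one means checking both conditions: whether externally supplied data reaches the wrapper's arguments, and whether the gate lets that severity through to the sink. Passing a constant "%s" format at the sink removes the dependence on either.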