oss-sec mailing list archives
Re: CVE id request: Multiple buffer overflow in unixODBC
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 29 May 2012 11:10:00 -0600
On 05/29/2012 06:42 AM, Felipe Pena wrote:
> Hi, please assign a CVE id for the issue:
>
> Multiple buffer overflow in unixODBC
> ===========================
>
> The library unixODBC doesn't check properly the input from FILEDSN=,
> DRIVER= options in the DSN, which causes buffer overflow when passed to
> the SQLDriverConnect() function.
>
> The unixODBC maintainer has been notified about the issue.
>
> Version affected
> ============
>
> FILEDSN= as of 2.0.10
> DRIVER= as of 2.3.1
>
> PoC
> ===
>
> $ ./poc "FILEDSN=$(python -c "print 'A'*10000")"
> Segmentation fault
>
> (gdb) bt
> #0  0x00007ffff7bc8c81 in SQLReadFileDSN (pszFileName=<value optimized out>,
>     pszAppName=<value optimized out>, pszKeyName=<value optimized out>,
>     pszString=<value optimized out>, nString=<value optimized out>,
>     pnString=<value optimized out>) at SQLReadFileDSN.c:207
> #1  0x4141414141414141 in ?? ()
>
> CREDITS
> =======
>
> This bug was discovered by Felipe Pena.
> BugSec Team - http://www.bugsec.com.br/

Splitting into two CVE's due to the different versions affected:

Please use CVE-2012-2657 for unixODBC 2.0.10 buffer overflow in FILEDSN=

Please use CVE-2012-2658 for unixODBC 2.3.1 buffer overflow in DRIVER=

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
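
The kind of length check the report describes as missing for FILEDSN= and DRIVER= values, as an added example that is not part of the original messages and is not unixODBC code. The helper names, return codes and the sample connection string are hypothetical, and it assumes attribute values are not brace-quoted.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example, not unixODBC code. Hypothetical helper: copy the value of
 * `key` from a "KEY=value;KEY=value" connection string into out[outsz].
 * Returns 0 on success, -1 if the key is absent, -2 if the value does not
 * fit; the caller rejects the string instead of truncating it.
 * Assumption: values are not brace-quoted, so ';' always ends an attribute. */
static int key_matches(const char *p, const char *key, size_t klen)
{
    for (size_t i = 0; i < klen; i++)   /* stops at NUL: it never equals key[i] */
        if (tolower((unsigned char)p[i]) != tolower((unsigned char)key[i]))
            return 0;
    return p[klen] == '=';
}

int conn_attr_get(const char *conn, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    if (outsz == 0)
        return -2;
    out[0] = '\0';
    for (const char *p = conn; *p; ) {
        while (*p == ';' || *p == ' ')
            p++;
        const char *end = strchr(p, ';');
        if (!end)
            end = p + strlen(p);
        if (key_matches(p, key, klen)) {
            const char *val = p + klen + 1;
            size_t vlen = (size_t)(end - val);
            if (vlen >= outsz)           /* length check before any copy */
                return -2;
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = end;
    }
    return -1;
}

int main(void)
{
    char buf[256];                        /* constructed sample input below */
    int rc = conn_attr_get("DSN=test;FILEDSN=/tmp/a.dsn", "FILEDSN", buf, sizeof buf);
    printf("rc=%d value=%s\n", rc, buf);
    return 0;
}
```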