oss-sec mailing list archives

Re: CVE id request: Multiple buffer overflow in unixODBC


From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 30 May 2012 11:00:02 -0600

On 05/30/2012 02:07 AM, Tomas Hoger wrote:
> On Tue, 29 May 2012 09:42:42 -0300 Felipe Pena wrote:
>
>> Multiple buffer overflow in unixODBC
>> ===========================
>>
>> The library unixODBC doesn't check properly the input from
>> FILEDSN=, DRIVER= options in the DSN, which causes buffer
>> overflow when passed to the SQLDriverConnect() function.
>
> Reports like this - covering bugs in parsing of the configuration
> parameters (i.e. generally trusted input) - should include some
> reasoning why these should be considered security.  Nothing obvious
> not intended to break PHP safe_mode comes to mind.


Ahh my bad, I misunderstood this to be options that could be passed by
the program as a standard part of the query, and thus controlled by
the attacker. If this is indeed limited to configuration files and
there are not extenuating circumstances that allow exploitation I will
have to REJECT these CVEs.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


