oss-sec mailing list archives
Re: CVE id request: Multiple buffer overflow in unixODBC
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 30 May 2012 11:00:02 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/30/2012 02:07 AM, Tomas Hoger wrote:
On Tue, 29 May 2012 09:42:42 -0300 Felipe Pena wrote:Multiple buffer overflow in unixODBC =========================== The library unixODBC doesn't check properly the input from FILEDSN=, DRIVER= options in the DSN, which causes buffer overflow when passed to the SQLDriverConnect() function.Reports like this - covering bugs in parsing of the configuration parameters (i.e. generally trusted input) - should include some reasoning why these should be considered security. Nothing obvious not intended to break PHP safe_mode comes to mind.
Ahh my bad, I misunderstood this to be options that could be passed by the program as a standard part of the query, and thus controlled by the attacker. If this is indeed limited to configuration files and there are not extenuating circumstances that allow exploitation I will have to REJECT these CVEs. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPxlISAAoJEBYNRVNeJnmTzrQP/1W+UtyjNdefNl+69mEYBXSn jdQCVKUGKKKKUoYoGYqfKGqeLlRPrhHadW1XftahImrfZDtz56sk4QRLhCot4S5m yvU7U/L1Z+LRG1sDFsTjtmWpBy7/aOUDc1/UBk99rekOybmEsExIa1FzJkVCS0t4 LP0zGdAqQPv0y9bvMM/NNNVRny73Je+BX/rjslXJIRNXCphiX77GjknVTwNFJmJW UIaAe8DI2RncsFzGAVc2aCTCgYedTMjb9vfV/GuAo/6vY++75hZ6exXajt/B+IbP Gm6gx1L249Mly0fRhK+wXAoioCK/a+RcMFeJckg+4tmnR+95onYd62OJleayMDa2 Sm6AUcJ2s2/vhG3xHIjXBAH4JBzPXV02Wm9W/5kcP4KNqaJ4uDUbMKva9y4lBCZy PqFu+aXTKAbky2m+2kdOPMmL/rL4vlrl+qe3bZuueq3TSxqM5QyMStqm1ytsEL8t 1jAx2ok5iN4uLqcy60xM7CWI54u0ogKrtY+QntlYmyz1pQrbadlfkEkx0bPUxBJa rzZjPOCEuZNuBPOT4mjtbE9fnx5lXhQbsoW6OVsWIoB/nIXw4NZBze1ITGLa/LOM cj5gNi2IZ2SSrvGFE/pXlqPXDFbjs31G0Bf2ngE9e7t0C2daU7s3hBaWV0hDRVx5 oaP9VTZZbgOaIZ/ormjd =56Mz -----END PGP SIGNATURE-----
Current thread:
- CVE id request: Multiple buffer overflow in unixODBC Felipe Pena (May 29)
- Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (May 29)
- Re: CVE id request: Multiple buffer overflow in unixODBC Tomas Hoger (May 30)
- Re: CVE id request: Multiple buffer overflow in unixODBC Henri Salo (May 30)
- Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (May 30)
- Re: CVE id request: Multiple buffer overflow in unixODBC Felipe Pena (May 30)
- Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (May 30)
- Re: CVE id request: Multiple buffer overflow in unixODBC Felipe Pena (May 30)
- Re: CVE id request: Multiple buffer overflow in unixODBC Tomas Hoger (May 31)
- Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (Jun 05)