Date: Thu, 4 Sep 2008 13:07:08 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: GNU ed heap overflow


Use CVE-2008-3916... with caveat.

While everything's inter-connected these days and maybe ed can be invoked
from some URI handler, or behind some application that passes user input
to ed, I'm generally uncomfortable assigning a CVE for this type of "local
issue" unless there's a reasonable usage scenario under which the
application is reachable (WordNet has reasonable usage scenarios as a back
end, for example).


======================================================
Name: CVE-2008-3916
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3916
Reference: MLIST:[bug-ed] 20080821 Version 1.0 of GNU ed released
Reference: URL:http://lists.gnu.org/archive/html/bug-ed/2008-08/msg00000.html
Reference: SECTRACK:1020734
Reference: URL:http://www.securitytracker.com/id?1020734
Reference: XF:gnued-stripescapes-bo(44643)
Reference: URL:http://xforce.iss.net/xforce/xfdb/44643

Heap-based buffer overflow in the strip_escapes function in signal.c
in GNU ed before 1.0 allows context-dependent or user-assisted
attackers to execute arbitrary code via a long filename.  NOTE: since
ed itself does not typically run with special privileges, this issue
only crosses privilege boundaries when ed is invoked as a third-party
component.

