Date: Thu, 18 Oct 2012 09:50:37 -0400 (EDT) From: Jan Lieskovsky <jlieskov@...hat.com> To: "Steven M. Christey" <coley@...us.mitre.org> Cc: oss-security@...ts.openwall.com, Attila Bogar <attila.bogar@...guamatics.com>, Raphael Geissert <geissert@...ian.org> Subject: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Hello Kurt, Steve, vendors, Attila Bogar reported a stack-based buffer overflow in the way MCrypt, a crypt() package and crypt(1) command replacement, used to encrypt / decrypt files with overly long names (longer than 128 bytes). A remote attacker could provide a specially-crafted file that, when processed by the mcrypt too, would lead to mcrypt executable crash [*]. A different vulnerability than CVE-2012-4409:  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4409 Note: Using Red Hat bugzilla record for CVE-2012-4409 since particular Mitre record is not described yet. References:  https://bugzilla.redhat.com/show_bug.cgi?id=867790 Patch proposed by Attila:  https://bugzilla.redhat.com/show_bug.cgi?id=867790#c0 Reproducer: To reproduce let mcrypt encrypt / decrypt file with name longer ~128 bytes. Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team [*] FORTIFY_SOURCE protection mechanism would mitigate this deficiency to result into crash only. But on systems, without FORTIFY_SOURCE protection being applied, the impact might be higher. P.S.: I am not sure about relation of this issue to the issue Raphael Geissert reported previously:  http://www.openwall.com/lists/oss-security/2012/10/02/1 so CC-in him too, he to clarify if  == , or if they are yet different issues. Raphael, please clarify. Thanks, Jan.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ