Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 03 Jan 2013 11:38:39 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Jan Wielemaker <J.Wielemaker@...vu.nl>, Petr Pisar <ppisar@...hat.com>
Subject: Re: CVE Request - SWI-Prolog / pl (X < 6.2.5): Multiple
 (stack-based) buffer overflows in patch canonisation code and when expanding
 file-names with long paths

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/03/2013 08:32 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
> SWI-Prolog upstream has released [2] 6.2.5 / 6.3.7 versions, 
> correcting the following two security flaws:
> 
> * Issue #1 (from [2]): ======================= * FIXED: Possible
> buffer overrun in patch canonisation code. Pushes pointers on an
> automatic array without checking for overflow.  Can be used for DoS
> attacks. Will be extremely hard to make it execute arbitrary code.
> 
> Relevant upstream patch: [1]
> http://www.swi-prolog.org/git/pl.git/commitdiff/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c
>
>  References: [2]
> https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html
>
> 
[3] https://bugzilla.redhat.com/show_bug.cgi?id=891577

Please use CVE-2012-6089  for this issue.

> * Issue #2 - from [2]: ====================== * SECURITY: Possible
> buffer overflows when expanding file-names with long paths.
> Affects expand_file_name/2.  Can lead to crashes (DoS attacks) and
> possibly execution of arbitrary code if an attacker can control the
> names of the files searched for, e.g., if expand_file_name/2 is
> used in a directory to which an attacker can upload files for which
> he can control the name.
> 
> Relevant upstream patch: [4]
> http://www.swi-prolog.org/git/pl.git/commitdiff/b2c88972e7515ada025e97e7d3ce3e34f81cf33e
>
>  References: [5]
> https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html
>
> 
[6] https://bugzilla.redhat.com/show_bug.cgi?id=891577

Please use CVE-2012-6090 for this issue.

> Could you allocate CVE ids for these? (iilc two should be enough)

Done, thanks!

> 
> Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
> Security Response Team
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ5dAvAAoJEBYNRVNeJnmTsLkP/RuQEHZexgB64pBN/plCIZ4f
Es0joWv/R1U2t+n/6h/8+PsDxUGiH7i7Nf9ifUY03Mu5jMooyZxf70SGE5zSA7R/
cq4u07HkQSCnQnu0mFNxORue4+Yh2Wz526J232pvELSgUnKQcuS/CeCD15RB35ee
kmxmzfOLyGB+C7DjjmUksN5NGREXwO9u2ptR5Yb6BmYQVBtwW440Pf0cxtnIngn7
zOQBcWabE5Kh5jpImnyw1d9j3xs6SYPPwJxL8l9/SYsCTrU6y6wP6ObMmIJ6Zqel
wDCKQ7skw/EY8vWZOnBoJWH85qwkkwkM7xmpPQpLJepuIWTduaLPOCxeuWktDT++
//lcAOaiHnGxbTUz+hQmo92gOgzWklo5ee8sWctXftROnRB0pYTnrdj7mRGuBw++
/0dyy2P0SYZS5X3X3WZW0Rtwu2hvaXsmtXSGJkvD96JKQ/awQokj4xqoSqt3WtZA
H1MLNHmQF7VVxG3jXGpLx3t19v6DqtmRSoAj+NFDtP42/c9PEEKWdGQCT90hMeml
X9L8QTFlazTtAqbzsU9il3hpJ0kUPu5LX0/cii1SH6EIUuZoT8xHpfm1l8oMzYgv
ZoHnjf6Z5yg6Vkv71j4AU5AmObA9DRBzu7TU7K8JY4NC9PhrRfz8Vv0ZFnGCjmID
ByjwBKjHYV92HEylaVw5
=d2im
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ