Date: Mon, 21 Oct 2013 08:04:28 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com, kseifried@...hat.com
Subject: Re: CVE request: echoping buffer overflow vulnerabilities

On Fri, Oct 18, 2013 at 10:35:18PM -0600, Kurt Seifried wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 10/17/2013 05:18 AM, Sergey Popov wrote:
> > Echoping 6.0.2 and before contains several buffer overflow 
> > vulnerabilities that can lead to execution of arbitrary code on
> > the system or cause the application to crash.
> > 
> > Bug report in Gentoo: 
> > https://bugs.gentoo.org/show_bug.cgi?id=349569
> > 
> > Some additional info: http://xforce.iss.net/xforce/xfdb/64141 
> > http://secunia.com/advisories/42619/
> > 
> > Issue is fixed in upstream[1], but no release yet.
> > 
> > Please assign a CVE for this, thanks.
> > 
> > [1] - http://sourceforge.net/p/echoping/bugs/55/
> 
> Please use CVE-2013-4448 for this issue.

This should receive a CVE-2010-xxxx ID. It was originally reported to the 
Debian BTS in December 2010 (as linked in the sf bugtracker):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606808

Cheers,
        Moritz
