Date: Mon, 21 Oct 2013 08:04:28 +0200 From: Moritz Muehlenhoff <jmm@...ian.org> To: oss-security@...ts.openwall.com, kseifried@...hat.com Subject: Re: CVE request: echoping buffer overflow vulnerabilities On Fri, Oct 18, 2013 at 10:35:18PM -0600, Kurt Seifried wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 10/17/2013 05:18 AM, Sergey Popov wrote: > > Echoping 6.0.2 and before contains several buffer overflow > > vulnerabilities that can lead to execution of arbitrary code on > > the system or cause the application to crash. > > > > Bug report in Gentoo: > > https://bugs.gentoo.org/show_bug.cgi?id=349569 > > > > Some additional info: http://xforce.iss.net/xforce/xfdb/64141 > > http://secunia.com/advisories/42619/ > > > > Issue is fixed in upstream, but no release yet. > > > > Please assign a CVE for this, thanks. > > > >  - http://sourceforge.net/p/echoping/bugs/55/ > > Please use CVE-2013-4448 for this issue. This should receive a CVE-2010-xxxx ID. It was originally reported to the Debian BTS in December 2010 (as linked in the sf bugtracker): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606808 Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ