Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 06 Nov 2014 17:07:07 +1100
From: Joshua Rogers <oss@...ernot.info>
To: oss-security@...ts.openwall.com
Subject: CVE-Request: dpkg handling of 'control' and warnings format string
 vulnerability

A format string vulnerability vuln has been found in the latest version
of dpkg.
https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135

An example is: https://internot.info/docs/dpkg_fstring.deb

> dpkg -i --dry-run
> '/home/www/www.internot.info/htdocs/docs/dpkg_fstring.deb'
> dpkg: warning: parsing file '/tmp/dpkg.heOSnC/control' near line 2
> package 'backup:01f15700.00431828.00000001.00000001.0000001a':
>  '%08x.%08x.%08x.%08x.%08x
> Description: Stuff
> maintainer: Joshua Rogers
> version: 1
> ' is not a valid architecture name: escription: Stuff
> maintainer: Joshua Rogers
> version: 1
>

The vulnerable function, warningv([..]), is called in many other places,
and is not limited to '-i'.

Could I get a CVE-ID for this?

Thanks
-- 
-- Joshua Rogers <https://internot.info/>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ