Date: Thu, 18 Oct 2012 20:14:25 -0500 From: Raphael Geissert <geissert@...ian.org> To: Jan Lieskovsky <jlieskov@...hat.com> Cc: "Steven M. Christey" <coley@...us.mitre.org>, oss-security@...ts.openwall.com, Attila Bogar <attila.bogar@...guamatics.com> Subject: Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Hi Jan, everyone, [BCC'ing Malcolm Parsons, who sent me an email about the tmperr buffer overflow this morning. Not sure if he discovered it independently.] On Thursday 18 October 2012 08:50:37 Jan Lieskovsky wrote: > Hello Kurt, Steve, vendors, > > Attila Bogar reported a stack-based buffer overflow > in the way MCrypt, a crypt() package and crypt(1) command > replacement, used to encrypt / decrypt files with overly > long names (longer than 128 bytes). A remote attacker > could provide a specially-crafted file that, when processed > by the mcrypt too, would lead to mcrypt executable crash [*]. > > A different vulnerability than CVE-2012-4409: [...] > References: >  https://bugzilla.redhat.com/show_bug.cgi?id=867790 > > Patch proposed by Attila: >  https://bugzilla.redhat.com/show_bug.cgi?id=867790#c0 Why 132? tmperr is declared as: char tmperr; That would still allow some bytes to be overwritten. [...] > P.S.: I am not sure about relation of this issue to the issue > Raphael Geissert reported previously: >  http://www.openwall.com/lists/oss-security/2012/10/02/1 > > so CC-in him too, he to clarify if  == , or if > they are yet different issues. Raphael, please clarify. They are different issues. The closest is CVE-2012-4426. I didn't look much into those other buffers as they would require an attacker to control the arguments passed to mcrypt(1) to exploit them. Kurt, regarding the issues in , I don't know what other reference you want me to add. There's nothing more than what's on the thread. http://www.openwall.com/lists/oss-security/2012/09/13/22 Regards, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.