Date: Mon, 21 Oct 2013 08:04:28 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com, kseifried@...hat.com
Subject: Re: CVE request: echoping buffer overflow vulnerabilities

On Fri, Oct 18, 2013 at 10:35:18PM -0600, Kurt Seifried wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 10/17/2013 05:18 AM, Sergey Popov wrote:
> > Echoping 6.0.2 and before contains several buffer overflow 
> > vulnerabilities that can lead to execution of arbitrary code on
> > the system or cause the application to crash.
> > 
> > Bug report in Gentoo: 
> > https://bugs.gentoo.org/show_bug.cgi?id=349569
> > 
> > Some additional info: http://xforce.iss.net/xforce/xfdb/64141 
> > http://secunia.com/advisories/42619/
> > 
> > Issue is fixed in upstream[1], but no release yet.
> > 
> > Please assign a CVE for this, thanks.
> > 
> > [1] - http://sourceforge.net/p/echoping/bugs/55/
> 
> Please use CVE-2013-4448 for this issue.

This should receive a CVE-2010-xxxx ID. It was originally reported to the 
Debian BTS in December 2010 (as linked in the sf bugtracker):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606808

Cheers,
        Moritz
