Full Disclosure mailing list archives

Re: [SECURITY] [DSA 590-1] New gnats packages fix arbitrary code execution
From: "Phantasmal Phantasmagoria" <phantasmal () hush ai>
Date: Thu, 11 Nov 2004 20:56:00 -0800

On Thu, 09 Nov 2004 09:57:27 -0600 Martin Schulze wrote:
> Package        : gnats
> Vulnerability  : format string vulnerability
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CAN-2004-0623
> BugTraq ID     : 10609
> Debian Bug     : 278577
>
> Khan Shirani discovered a format string vulnerability in gnats,
> GNU problem report management system.  This problem may be
> to execute arbitrary code.
>
> For the stable distribution (woody) this problem has been fixed in
> version 3.999.beta1+cvs20020303-2.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 4.0-7.
>
> We recommend that you upgrade your gnats package.

There are exactly zero ways of exploiting this "moderately critical"
[1] vulnerability. In fact, it's not a vulnerability at all. If
Shirani had done a two-minute check of the relevant log_msg() calls
(i.e. those with a severity of LOG_ERR as opposed to LOG_INFO) he
would have found zero instances of user-supplied data being used as
an argument.

Before someone embarrasses themselves, please take note that the
LOG_INFO severity log_msg() calls do not get passed to syslog(), as
debug_level can only be set to LOG_INFO by a call to
enable_debugging(), of which there are none.

[1] http://secunia.com/advisories/11069/

Yours pedantically,
Phantasmal Phantasmagoria
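
The reachability argument in the message above, as a small model added here for illustration; it is not code from gnats or from the post. The wrapper layout, the default `debug_level` of `LOG_ERR`, and the names `log_msg_flawed`, `log_msg_fixed`, `mock_syslog` and `directive_in_format` are assumptions, and `mock_syslog` only records its format argument so that nothing is ever expanded.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>                 /* LOG_ERR = 3, LOG_INFO = 6 */

static int  debug_level = LOG_ERR;  /* assumed default threshold */
static char last_fmt[256];          /* FORMAT argument the sink last received */
static int  sink_calls;             /* number of messages that reached the sink */
void enable_debugging(void) { debug_level = LOG_INFO; }

/* Stand-in for syslog(): records its format argument instead of expanding it. */
static void mock_syslog(int pri, const char *fmt, ...) {
    (void)pri;
    snprintf(last_fmt, sizeof last_fmt, "%s", fmt);
    sink_calls++;
}

/* Expand the caller's format into buf; report whether severity passes the gate. */
static int expand(char *buf, size_t n, int severity, const char *fmt, va_list ap) {
    vsnprintf(buf, n, fmt, ap);
    return severity <= debug_level;
}

/* Flawed: the expanded message, possibly holding user data, is reused as format. */
void log_msg_flawed(int severity, const char *fmt, ...) {
    char buf[256]; va_list ap;
    va_start(ap, fmt);
    if (expand(buf, sizeof buf, severity, fmt, ap)) mock_syslog(severity, buf);
    va_end(ap);
}

/* Fixed: constant format, expanded message passed as data. */
void log_msg_fixed(int severity, const char *fmt, ...) {
    char buf[256]; va_list ap;
    va_start(ap, fmt);
    if (expand(buf, sizeof buf, severity, fmt, ap)) mock_syslog(severity, "%s", buf);
    va_end(ap);
}

/* 1 if directive d ended up in the sink's format position, else 0. */
int directive_in_format(const char *d) { return strstr(last_fmt, d) != NULL; }

int main(void) {
    const char *user = "%x.%x";     /* constructed user-supplied field */
    log_msg_flawed(LOG_INFO, "bad field: %s", user);  /* gated, never logged */
    enable_debugging();
    log_msg_flawed(LOG_INFO, "bad field: %s", user);
    printf("flawed, debugging on: tainted=%d\n", directive_in_format("%x"));
    log_msg_fixed(LOG_INFO, "bad field: %s", user);
    printf("fixed,  debugging on: tainted=%d\n", directive_in_format("%x"));
    return 0;
}
```

In this model the flawed wrapper only matters on a path that is both reachable at the current `debug_level` and fed user data, which is the audit the message describes; the constant `"%s"` format removes the dependency on that audit staying true.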
