Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ GLSA 200809-15 ] GNU ed: User-assisted execution of arbitrary code
From: Pierre-Yves Rofes <py () gentoo org>
Date: Tue, 23 Sep 2008 23:56:51 +0200

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200809-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                             http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

   Severity: Normal
      Title: GNU ed: User-assisted execution of arbitrary code
       Date: September 23, 2008
       Bugs: #236521
         ID: 200809-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability in ed may allow for the remote
execution of arbitrary code.

Background
==========

GNU ed is a basic line editor. red is a restricted version of ed that
does not allow shell command execution.

Affected packages
=================

     -------------------------------------------------------------------
      Package      /  Vulnerable  /                          Unaffected
     -------------------------------------------------------------------
   1  sys-apps/ed        < 1.0                                   >= 1.0

Description
===========

Alfredo Ortega from Core Security Technologies reported a heap-based
buffer overflow in the strip_escapes() function when processing overly
long filenames.

Impact
======

A remote attacker could entice a user to process specially crafted
commands with ed or red, possibly resulting in the execution of
arbitrary code with the privileges of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GNU ed users should upgrade to the latest version:

     # emerge --sync
     # emerge --ask --oneshot --verbose ">=sys-apps/ed-1.0"

References
==========

   [ 1 ] CVE-2008-3916
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3916

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

   http://security.gentoo.org/glsa/glsa-200809-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security () gentoo org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [ GLSA 200809-15 ] GNU ed: User-assisted execution of arbitrary code Pierre-Yves Rofes (Sep 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]