Bug#687597: openslp-dfsg: touch bug CVE-2012-4428
severity 687597 important
thanks
On Sat, Jan 05, 2013 at 09:01:45PM +0100, John Paul Adrian Glaubitz wrote:
>Hi,
>
>there has also been an upstream bug report filed [1].
>
>Might be reasonable to check back there from time to time. No patch
>yet, unfortunately.
I had a look at this yesterday. The buffer-handling in libslp *looks*
suspect to me (in terms of tracking lengths of text fields etc.), but
I can't see an easy way to reproduce the bug here to verify my
suspicions. I've followed up on the upstream bug to ask about this.
In the meantime, even if the code looks dodgy I *don't* see it as
being particularly likely to be exploitable, more a DoS at worst, and
only on a local-network basis rather than truly remote. I'm dropping
severity from grave accordingly - feel free to re-raise if you think
I'm wrong.
--
Steve McIntyre, Cambridge, UK. steve@einval.com
"C++ ate my sanity" -- Jon Rabone
Reply to: