Re: Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)
On Mon, Nov 01, 2004 at 11:02:21AM +0000, Steve Kemp wrote:
> On Fri, Oct 29, 2004 at 10:12:33PM +0200, Frank Lichtenheld wrote:
>
> > Perhaps someone with a little more experience in identifying security
> > problems should take a look, too. I CC'ed debian-security.
>
> Here's a quick summery :
>
> To be clear there are three flaws being discussed in xsok:
>
> CAN-2004-0074 - overflow with LANG environmental variable.
> - overflow due to long '-xsokdir' parameter.
>
> CAN-2003-0949 - Failure to drop privileges when unzipping.
>
> The second one was discovered by me and closed in DSA-405-1
>
> The first one is in two parts, the environmental variable
> overflow is patched already by the package maintainer. The
> second appears to be not an issue given this code:
[...]
> Run the following command to test if it's vulnerable:
>
> xsok -xsokdir `perl -e 'print "X"x3000'`
Seems not to be vulnerable:
djpig@feynman:/usr/src$ xsok -xsokdir `perl -e 'print "X"x3000'`
directory too long
I will close the bug and I will ask Joey to add CAN-2004-0074 to
the non-vulns list.
Gruesse,
--
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/
Reply to: