[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)

On Mon, Nov 01, 2004 at 11:02:21AM +0000, Steve Kemp wrote:
> On Fri, Oct 29, 2004 at 10:12:33PM +0200, Frank Lichtenheld wrote:
> 
> > Perhaps someone with a little more experience in identifying security
> > problems should take a look, too. I CC'ed debian-security.
> 
>   Here's a quick summery :
> 
>   To be clear there are three flaws being discussed in xsok:
> 
>    CAN-2004-0074 - overflow with LANG environmental variable.
>                  - overflow due to long '-xsokdir' parameter.
> 
>    CAN-2003-0949 - Failure to drop privileges when unzipping.
> 
>   The second one was discovered by me and closed in DSA-405-1
> 
>   The first one is in two parts, the environmental variable
>  overflow is patched already by the package maintainer.  The
>  second appears to be not an issue given this code:
[...]

>   Run the following command to test if it's vulnerable:
> 
>  xsok -xsokdir `perl -e 'print "X"x3000'`

Seems not to be vulnerable:
djpig@feynman:/usr/src$ xsok -xsokdir `perl -e 'print "X"x3000'`
directory too long

I will close the bug and I will ask Joey to add CAN-2004-0074 to
the non-vulns list.

Gruesse,
-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/
Reply to: