[Bug 192830] New: CVE-2006-2453 Additional dia format string flaws
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192830
Summary: CVE-2006-2453 Additional dia format string flaws
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: dia
AssignedTo: j.w.r.degoede(a)hhs.nl
ReportedBy: bressers(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
A number of additional format string issues were discovered by Hans de Goede and
have been assigned the CVE id CVE-2006-2453.
The fix is attachment 129852.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
16 years, 8 months
[Bug 192990] New: CVE-2005-2295 - netpanzer server remote DOS
by Red Hat Bugzilla
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192990
Summary: CVE-2005-2295 - netpanzer server remote DOS
Product: Fedora Extras
Version: fc5
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2295
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: netpanzer
AssignedTo: hugo(a)devin.com.br
ReportedBy: tibbs(a)math.uh.edu
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
(from the CVE):
NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service
(infinite loop) via a packet with a zero datablock size.
It seems this has been fixed in upstream SVN, but no release has been made and
unfortunately upstream webSVN seems not to be responding for me.
17 years, 10 months
(Small) software that needs code audit
by Hans de Goede
Hi,
As some of you already know I'm a computer science teacher at a Dutch
university. Currently I'm giving a course about security.
For my next practical lesson I want my students to do an audit of a small
piece of C code. Nothing fancy really, just looking for sprintf instead
of snprintf, gets instead of fgets, etc. And format string vulnerabilities.
Does anyone know of some (small!) piece of software in Fedora (Extras)
that could benefit from this?
And are there any other simple checks my students could do?
Any findings will of course be published.
Thanks & Regards,
Hans
17 years, 11 months
[Bug 191095] multiple vulnerabilities in thttpds htpasswd utility
by Red Hat Bugzilla
Summary: multiple vulnerabilities in thttpds htpasswd utility
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191095
------- Additional Comments From tibbs(a)math.uh.edu 2006-05-26 11:22 EST -------
I did some comparisons but the htpasswd.c in thttpd is so old that it doesn't
resemble any of the code in the Apache versions I have around.
There's one comment in the thttpd htpasswd.c that concerns me:
/* Modified 29aug97 by Jef Poskanzer to accept new password on stdin,
** if stdin is a pipe or file. This is necessary for use from CGI.
I don't know that the Apache htpasswd.c supports this; if not, it would have to
be hacked back in.
I'll attach the current Apache htpasswd.c.
17 years, 11 months
Form of submitted security issues
by Jason L Tibbitts III
OK, I submitted a couple of security issues. Could someone comment on
whether I followed the proper procedure, used the proper form for
entries in the audit list, etc?
Also, one of the bugs was noted as perhaps not being a security issue.
I don't really want to be in the position of deciding what is and is
not a security issue, but I'd like to know: is there agreement that I
should not have entered one or both of those issues at all?
- J<
17 years, 11 months
Dia format string vulnerabilities (correction)
by Hans de Goede
Hi all,
I was a bit short on time when I mailed my previous mail on this, so I
didn't test (I didn't even compile) the patch. It turns out my previous
patch contained one cut and paste error causing compilation to fail.
The attached patch fixes this and has been tested.
Regards,
Hans
17 years, 11 months