Bug 1012974 (CVE-2013-4385)

Summary: CVE-2013-4385 chicken: buffer overrun
Product: [Other] Security Response
Reporter: Ratul Gupta <ratulg>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: unspecified
CC: relrod
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2013-11-25 02:40:40 UTC
Bug Depends On: 1012977, 1012979
Bug Blocks: 1012976

Description Ratul Gupta 2013-09-27 13:28:01 UTC
Chicken, a compiler for the Scheme programming language, is found to have a buffer overrun flaw due to the read-string! procedure from the "extras" unit, when used in a particular way.

It was found that a check was missing for the situation where NUM is #f (the Scheme value for false) as the buffer size; in that case it will read beyond the buffer until the input port is exhausted. This may result in a DoS or remote code execution.

Though currently all stable releases are vulnerable to this flaw, there is a simple workaround to be used in code that uses read-string!: simply convert all (read-string! #f buf ...) invocations to (read-string! (string-length buf) buf ...) or, if possible, use the non-destructive read-string procedure from the same unit.

References:
http://seclists.org/oss-sec/2013/q3/677
http://lists.nongnu.org/archive/html/chicken-announce/2013-09/msg00000.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724740
http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26
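
Applying the workaround above across a code base starts with finding every `(read-string! #f buf ...)` call site. The following is an added example, not part of the bug report or of CHICKEN: a Python audit that flags those calls in Scheme source and proposes the rewrite given in the description. The function names and sample source are constructed; `#| |#` block comments are not handled, and text inside string literals is scanned too.

```python
import re

# Strings and character literals are kept as-is; ';' line comments are dropped.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|#\\.|;[^\n]*')
# Call head "(read-string! #f" up to the start of the buffer argument.
CALL = re.compile(r"\(read-string!\s+#f\s+")
# A plain identifier can safely appear twice in the rewritten call.
IDENT = re.compile(r"[^\s()\"';]+")

def strip_comments(source):
    """Remove line comments without touching ';' in strings or #\\; literals."""
    keep = lambda m: "" if m.group(0).startswith(";") else m.group(0)
    return TOKEN.sub(keep, source)

def audit(source):
    """Return (line, found, suggested) tuples. suggested is None when the
    buffer is a compound expression: repeating it would evaluate it twice,
    so that call site needs a manual rewrite."""
    code = strip_comments(source)
    findings = []
    for m in CALL.finditer(code):
        line_no = code.count("\n", 0, m.start()) + 1
        head = " ".join(m.group(0).split())  # normalise multi-line calls
        buf = IDENT.match(code, m.end())
        if buf:
            name = buf.group(0)
            findings.append((line_no, f"{head} {name}",
                             f"(read-string! (string-length {name}) {name}"))
        else:
            findings.append((line_no, head, None))
    return findings

# Constructed sample source, not taken from any real project.
SAMPLE = """\
(read-string! #f buf port)            ; unbounded form from the advisory
(read-string! (string-length buf) buf port)
;; (read-string! #f old port)
(read-string! #f (vector-ref bufs i) port)
(read-string!
   #f header (current-input-port))
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
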

Comment 1 Ratul Gupta 2013-09-27 13:31:18 UTC
Created chicken tracking bugs for this issue:

Affects: fedora-all [bug 1012977]
Affects: epel-6 [bug 1012979]

Comment 2 Fedora Update System 2013-09-30 00:48:00 UTC
chicken-4.8.0.4-4.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.