Bug 372021 (CVE-2008-1227)
Summary: | CVE-2008-1227 Logging into silc account crashes pidgin | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Nathan G. Grennan <redhat-bugzilla> | ||||
Component: | libsilc | Assignee: | Stu Tomlinson <stu> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 8 | CC: | lkundrak, lvilla, stu, wtogami | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | 1.0.2-5.fc8 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-02-28 21:35:54 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Nathan G. Grennan
2007-11-09 01:51:23 UTC
I can confirm this odd behavior that happens just with silc accounts. A workaround for this problem is to downgrade to libsilc-1.0.2-2.fc6, the one installed by default under fedora 7. This suggest to me that the problem could be in libsilc itself but I didn't investigate deeper. I think we'll need a backtrace with both pidgin-debuginfo and libsilc-debuginfo installed to be able to get anywhere with this. Created attachment 290915 [details]
Backtrace with debuginfo
This appears to be a libsilc problem, could you please try this libsilc package to see if the crash is fixed, and if you are now able to log in to silc? http://koji.fedoraproject.org/scratch/nosnilmot/task_328484/ This seems to solve the problem for me. Now I can log in to silc without crashing pidgin anymore. libsilc-1.0.2-5.fc7 has been submitted as an update for Fedora 7 libsilc-1.0.2-5.fc8 has been submitted as an update for Fedora 8 libsilc-1.0.2-5.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update libsilc'. You can provide feedback for this update here: http://admin.fedoraproject.org/F8/FEDORA-2008-1041 libsilc-1.0.2-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. libsilc-1.0.2-5.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. I'm not convinced the contents of the buffer are in attacker's control; did anyone conduct some investigation? (In reply to comment #11) > I'm not convinced the contents of the buffer are in attacker's control; did > anyone conduct some investigation? I asked this of upstream and the reply was: > I'm not sure but I think this wasn't so serious. I never got it crash myself. |