Bug 458146 (CVE-2008-3546)
Summary: | CVE-2008-3546 git: Pathname Processing Multiple Buffer Overflows | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | unspecified | CC: | bkearney, chrisw, jwboyer |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2010-03-29 09:42:51 UTC | Type: | --- |
Description
Tomas Hoger
2008-08-06 17:24:06 UTC
Looking at the patch, problem that was addressed was:

    char concatpath[PATH_MAX];
    sprintf(concatpath, "%s%s", base, path);

However, this overflow is caught by FORTIFY_SOURCE. RPMs are compiled with -D_FORTIFY_SOURCE=2 on Red Hat Enterprise Linux 5 and later. So on all current Fedora versions and EPEL5, overflow is detected before it happens and command execution is terminated. EPEL4 does not seem to use FORTIFY_SOURCE by default, so this can only be a concern there. On Fedora, this is only DoS, but I don't think such DoS needs to be treated as security sensitive.

CVE id CVE-2008-3546 was assigned to this issue:

Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

Nico Golde pointed out two more related changesets:

http://git.kernel.org/?p=git/git.git;a=commitdiff;h=f66cf96
http://git.kernel.org/?p=git/git.git;a=commitdiff;h=620e2bb

git-1.5.6.5-1.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/git-1.5.6.5-1.fc9

git-1.5.6.5-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
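The sprintf() pattern quoted in the description, next to a bounded alternative that rejects an over-long result instead of writing past the buffer. This is an added example, not code from this bug report and not the change made upstream in git; `concat_path` and `long_path_rejected` are hypothetical names, and the over-long input is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096 /* fallback when <limits.h> does not expose it */
#endif

/* The pattern quoted in the report, for reference only (not compiled):
 *     char concatpath[PATH_MAX];
 *     sprintf(concatpath, "%s%s", base, path);
 * sprintf() is never told the size of concatpath, so base+path longer
 * than PATH_MAX - 1 bytes runs off the end of the stack buffer. */

/* Hypothetical helper: join base and path into out[outsz].
 * Returns 0 on success, -1 if the result does not fit (out is set to ""). */
int concat_path(char *out, size_t outsz, const char *base, const char *path)
{
    int n;
    if (out == NULL || outsz == 0)
        return -1;
    n = snprintf(out, outsz, "%s%s", base, path);
    if (n < 0 || (size_t)n >= outsz) { /* encoding error or truncation */
        out[0] = '\0';                 /* never hand back a partial path */
        return -1;
    }
    return 0;
}

/* Constructed input: a path component longer than PATH_MAX must be rejected. */
int long_path_rejected(void)
{
    static char longpath[PATH_MAX + 64];
    char buf[PATH_MAX];
    memset(longpath, 'a', sizeof(longpath) - 1);
    longpath[sizeof(longpath) - 1] = '\0';
    return concat_path(buf, sizeof(buf), "dir/", longpath) == -1 && buf[0] == '\0';
}

int main(void)
{
    char buf[PATH_MAX];
    if (concat_path(buf, sizeof(buf), "src/", "diff.c") == 0)
        printf("joined: %s\n", buf);
    printf("over-long path rejected: %d\n", long_path_rejected());
    return 0;
}
```

Unlike the FORTIFY_SOURCE abort described above, the length check lets the caller report the error and continue rather than terminating the command.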